On Thursday, South Korean police revealed that a sophisticated cyber operation connected to North Korea’s military intelligence agency was responsible for a staggering 2019 Ethereum cryptocurrency heist that amounted to 58 billion won (approximately $41.5 million at that time).
According to the National Police Agency, over half of the stolen Ethereum tokens were laundered at discounted rates for Bitcoin through three crypto exchanges established by the hackers, while the remainder was funneled through 51 other exchanges, as reported by News.Az, citing Reuters.
The hackers executed a targeted infiltration of a cryptocurrency exchange where the Ethereum was stored, managing to steal an astonishing 342,000 tokens. This significant amount is currently appraised at over 1.4 trillion won (around $1 billion), according to police statements.
While the exchange involved has not been publicly named, a spokesperson from Upbit, a South Korean exchange, confirmed that it identified the unauthorized transfer of 58 billion won worth of Ethereum to an unidentified wallet shortly after the incident occurred.
Although a National Police Agency official refrained from confirming the specific identity of the cyber criminals, local media have disclosed that investigators have identified them as the notorious Lazarus and Andariel groups, which are reportedly linked to North Korea’s Reconnaissance General Bureau, an agency associated with the military.
The police’s conclusions are based on an examination of Internet Protocol addresses and an analysis of the subsequent movement of the stolen assets. The investigation was carried out in collaboration with the U.S. Federal Bureau of Investigation (FBI), and it marks the first time that North Korea has been definitively identified as the origin of a cyberattack on a cryptocurrency exchange within South Korea, officials reported.
In a related report from May, a panel of United Nations sanctions monitors expressed suspicion that North Korea orchestrated 97 cyberattacks targeting cryptocurrency firms between 2017 and 2024, attempting to abscond with approximately $3.6 billion.
In a significant breakthrough, investigators traced 4.8 Bitcoin to a Swiss crypto exchange and successfully recovered the assets in October, returning them to the Seoul-based exchange where their current valuation stands at roughly 600 million won, according to police evidence.
Despite mounting evidence, North Korea consistently denies any involvement in cyber hacking activities or cryptocurrency heists.
News.Az
How can cryptocurrency exchanges enhance their defenses against state-sponsored cybercrime?
**Interview with Cybersecurity Expert, Dr. Kim Seung-Jin**
**Editor:** Thank you for joining us today, Dr. Kim. Recently, South Korean police have linked a sophisticated cyber operation to North Korea’s military intelligence agency concerning a 2019 Ethereum cryptocurrency heist. Can you give us an overview of what transpired?
**Dr. Kim:** Absolutely. In 2019, a significant cryptocurrency heist occurred, resulting in the theft of approximately 342,000 Ethereum tokens, valued at around 58 billion won or $41.5 million at that time. The investigation revealed that North Korean hackers infiltrated a cryptocurrency exchange, an operation that showcases their increasingly advanced capabilities in cybercrime. The heist is particularly notable because it highlights the intersection of state-sponsored cyber activities and international financial crime.
**Editor:** How did the hackers manage to launder the stolen Ethereum, and what does this mean for cryptocurrency exchanges?
**Dr. Kim:** The hackers were quite ingenious in their efforts. They set up three crypto exchanges at discounted rates for Bitcoin, which they used to launder a significant amount of the stolen Ethereum. Additionally, they funneled the remaining tokens through 51 other exchanges to obscure the trail. This method underscores the vulnerabilities in the cryptocurrency ecosystem, where lax regulations and lack of oversight can make it easier for illicit activities to thrive. It poses an ongoing challenge for law enforcement and regulatory agencies globally.
**Editor:** Has there been any impact on the cryptocurrency market since this revelation?
**Dr. Kim:** While immediate market fluctuations are difficult to determine in the wake of such news, long-term implications could involve increased scrutiny on exchanges and a push for regulatory reforms. Investors often become wary of security after such breaches, which can affect confidence in cryptocurrencies as a safe investment. Over time, we may also see a surge in demand for security measures and practices to safeguard against similar threats.
**Editor:** What steps can cryptocurrency exchanges take to protect themselves from such attacks in the future?
**Dr. Kim:** Exchanges need to implement robust cybersecurity measures, including advanced intrusion detection systems, regular security audits, and the use of cold storage for assets. Moreover, fostering a culture of cybersecurity awareness among employees is critical. Exchanges must also engage in collaboration with law enforcement and cybersecurity firms to share information about threats and enhancements in security protocols.
**Editor:** Thank you for your insights, Dr. Kim. This incident not only highlights the risks associated with cryptocurrency but also the ongoing challenges in combating cybercrime linked to state actors.
**Dr. Kim:** Thank you for having me. It’s vital that we remain vigilant and informed as this landscape continues to evolve.