North Korea to blame for 342,000 ETH Upbit hack in 2019, South Korean police say

Quick Take

  • The South Korean police said in a Thursday statement that North Korea is behind the 2019 hack of the Upbit exchange that saw 342,000 ETH stolen.
  • This is the first time South Korea has identified North Korea as the perpetrator of a cryptocurrency heist.

South Korea has identified North Korea as the perpetrator behind the 342,000 ETH hack from Upbit exchange in November 2019, the country’s national police agency announced Thursday. 

According to the South Korean police, this is the first instance where the country has identified North Korea as the illicit actor behind a cryptocurrency heist.

“[We] reached this conclusion based on a comprehensive analysis of evidence obtained through investigation, including North Korean IP addresses, flow of virtual assets, and the use of North Korean terminology, and data from our long-term collaborative effort with the Federal Bureau of Investigation (FBI)," the statement said.

While the statement only referred to the exchange as 'A,' South Korean police confirmed to The Block that the victim was Upbit. The 342,000 ETH stolen in 2019 was worth approximately $41.5 million at the time. Due to the significant increase in ether’s price, the stolen tokens are now worth over $1 billion.

Around 57% of the stolen ether was converted into bitcoin at a 2.5% discount via three online exchanges that appear to be established by the attacker, according to the statement. The remainder were sent across 51 overseas exchanges and then laundered.

South Korean police, in collaboration with Swiss authorities, returned 4.8 BTC of the stolen funds to Upbit after it traced the cryptocurrency to a Swiss crypto exchange.

FBI has previously identified North Korea-backed hackers as the attackers behind several major crypto hacks, including the $100 million hack of Harmony's Horizon bridge and the $600 million hack of Sky Mavis' Ronin Bridge. The agency warned earlier this year that North Korean cybercriminals are "aggressively targeting" employees in the Web3 industry in a persistent effort to steal cryptocurrencies.


Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Danny Park is an East Asia reporter at The Block writing on topics including Web3 developments and crypto regulations in the region. He was formerly a reporter at Forkast.News, where he actively covered the downfall of Terra-Luna and FTX. Based in Seoul, Danny has previously produced written and video content for media companies in Korea, Hong Kong and China. He holds a Bachelor of Journalism and Business Marketing from the University of Hong Kong.

Editor

To contact the editor of this story:
Adam James at
[email protected]