South Korean authorities have identified North Korean hacker groups Lazarus and Andariel as the culprits behind the 2019 hack of Upbit, a South Korea-based cryptocurrency exchange. The breach resulted in the theft of 342,000 Ether, valued at approximately $50 million at the time.
According to Yonhap News, on November 21, the National Office of Investigation officially confirmed North Korean hackers’ involvement, marking the first acknowledgment of their role in a crypto-related cybercrime by a South Korean investigative body.
North Korea Stole $50M Ether
Upbit first disclosed the theft on November 27, 2019, explaining that the stolen Ether had been taken from its hot wallet. At the time, Ether was priced at roughly $147 per coin. Given the significant increase in Ether’s value since then, the stolen amount would now be worth over $1 billion.
Investigators believe that roughly 57% of the stolen Ether has been sold through exchanges reportedly controlled by North Korean entities, while the remaining funds were dispersed and laundered via 51 international exchanges.
Authorities tracked cryptocurrency transactions, examined IP addresses and linguistic patterns, and drew on data provided by the U.S. Federal Bureau of Investigation to verify North Korea’s involvement. Details of the hackers’ methods remain undisclosed to deter imitation attacks.
Upbit Faces Regulatory Scrutiny
The South Korean police announcement coincides with increased scrutiny of Upbit’s compliance practices. On November 14, South Korea’s Financial Intelligence Unit (FIU) identified approximately 600,000 potential Know Your Customer (KYC) violations during the exchange’s business license renewal review.
Upbit allegedly accepted identification cards with obscured details, complicating user verification processes. Each violation could result in fines of up to $71,500 and pose challenges to the renewal of the exchange’s operating license.
While addressing these regulatory challenges, Upbit has also been managing operational updates, such as the recent temporary suspension of deposits and withdrawals for NEAR Protocol. The suspension was implemented to ensure a seamless network upgrade for the blockchain, which supports scalable Web3 applications.
According to the exchange, services will resume once the network is confirmed stable, with an announcement to follow.