North Korea’s Lazarus Group, Andariel Linked to 2019 Upbit Hack
Lazarus and Andariel hacking groups behind 2019 Upbit hack, reveals South Korea’s investigation.
Highlights:
• South Korea confirms Lazarus and Andariel groups behind 2019 Upbit cyberattack, stealing $50M.
• Investigators traced stolen funds through exchanges, linking the attack to North Korean hackers.
• Upbit faces regulatory scrutiny over KYC violations, complicating its business license renewal.

South Korean authorities have confirmed that North Korea’s hacking groups, Lazarus Group and Andariel, were behind the 2019 cyberattack on Upbit. This attack led to the theft of 342,000 Ethereum, worth $50 million at the time. This is the first time South Korea has linked a major cybercrime to North Korea’s hackers.
Investigation Links the Hack to North Korea
On Thursday, the National Office of Investigation in South Korea revealed the hackers used advanced methods to steal funds from Upbit’s hot wallet. Investigators traced crypto transactions, IP addresses, and communication patterns, which all pointed to North Korean hackers.
The FBI helped confirm these findings. While details on the hacking methods were not fully shared, authorities confirmed that 57% of the stolen Ethereum was sold on exchanges controlled by North Korea. The rest was spread across 51 foreign exchanges to hide the stolen funds.
Lazarus Group’s Global Cybercrime Reach
Lazarus Group has a long history of cybercrimes. In 2022, U.S. officials tied them to the $620 million theft from Axie Infinity’s Ronin Network. The FBI also confirmed that Lazarus and APT38 were behind the Upbit attack.
Lazarus first gained international attention in 2014 when it allegedly hacked Sony Pictures over the movie The Interview, which mocked North Korean leader Kim Jong Un. Since then, Lazarus has been involved in several large-scale cyberattacks.
The confirmation of North Korea’s involvement has also led to more scrutiny of Upbit. South Korea’s Financial Intelligence Unit found over 600,000 potential Know Your Customer (KYC) violations at the exchange.