PANews reported on November 21 that South Korean police have officially confirmed for the first time that the 342,000 Ethereum stolen from the South Korean cryptocurrency exchange Upbit in 2019 (worth 58 billion KRW at the time, now valued at approximately 1.47 trillion KRW) was the work of North Korean hacker organizations.

The police indicated that the "Lazarus" and "Andariel" hacker groups, which are under the North Korean Reconnaissance General Bureau, were involved in the attack. This conclusion was drawn based on evidence such as North Korean IP addresses, the flow of encrypted assets, traces of North Korean vocabulary usage, and data obtained from investigations in cooperation with the FBI.

Of the stolen Ethereum, 57% was exchanged for Bitcoin at a price 2.5% below the market rate through three suspected money laundering platforms set up by North Korea, while the remaining assets were dispersed and laundered through 51 overseas exchanges. In 2020, police discovered that part of the stolen Bitcoin was stored in a Swiss exchange, and after four years of effort, they successfully recovered 4.8 Bitcoin (approximately 600 million KRW) in October this year and returned it to Upbit.

South Korean police confirm North Korea's involvement in the 2019 Upbit theft of 58 billion Korean Won worth of Ethereum.