In brief
- A hacking syndicate allegedly stole $28.1 million (₩39 billion) from financial and crypto accounts of 258 wealthy Koreans, including celebrities and top business executives.
- The largest single crypto theft reached $15.4 million (₩21.3 billion), though authorities haven't specified what portion of the total losses was in crypto.
- The case exposes systematic vulnerabilities in Korea's digital infrastructure as international criminal organizations increasingly target the country's elite, Decrypt was told.
Seoul police have dismantled an international hacking ring that systematically targeted South Korea's wealthiest individuals, including BTS member Jungkook and top business executives, after the group stole $28.1 million (₩39 billion) from victims' financial and crypto accounts.
The Seoul Metropolitan Police Agency's Cyber Investigation Unit announced the arrest of 16 suspects Thursday, including two Chinese ringleaders who allegedly orchestrated the scheme from bases in China and Thailand between July 2023 and April 2024, according to Korea Joongang Daily.
"This incident highlights a critical reality: international criminal organizations are systematically targeting Korean entities, and most domestic institutions lack adequate defenses against their advanced hacking capabilities," Rich O., regional manager APAC at hardware wallet manufacturer OneKey, told Decrypt.
According to the police, the criminal organization breached government and financial institution websites to steal personal data from wealthy targets, then used this information to create over 100 fraudulent phone accounts that bypassed security systems and enabled unauthorized access to victims' bank and crypto wallets.
While they harvested data from 258 high-profile individuals, including 28 crypto investors, 75 business executives, 12 celebrities, and 6 athletes, actual theft attempts were allegedly made against only 26 people, whose combined account balances totaled $39.8 billion (₩55.22 trillion).
Among them, the hackers reportedly stole from 16 victims, with the largest single crypto theft reaching $15.4 million (₩21.3 billion).
Financial institutions blocked an additional $18 million (₩25 billion) in attempted thefts targeting 10 other victims, thereby preventing further losses.
Crypto holders “prime targets”
Crypto holders have become "prime targets," but remain just one segment of the wealthy individuals hackers pursue, O. said.
He said the case marks “a new level of hacking threat” because of the “systematic hacking of government and financial institutions to profile wealthy individuals.”
In Jungkook's case, attackers allegedly attempted to drain $6.1 million (₩8.4 billion) in Hybe entertainment stock holdings in January following his military enlistment.
However, banking systems flagged the unusual activity, and his management company intervened, blocking the unauthorized transfers.
Authorities successfully froze and returned $9.2 million (₩12.8 billion) to victims through quick response measures.
The two alleged ringleaders were arrested in Bangkok with Interpol’s help. One of the accused has been extradited to Korea to face 11 charges, including network and economic crimes.
"This incident of bypassing the non-face-to-face authentication system is 'unprecedented,' and the vast sums accessed 'could have easily led to an even bigger crime,'" Oh Gyu-sik, head of the Seoul Metropolitan Police Agency's 2nd Cyber Investigation Unit, said.
"Given the repeated breaches of Korean government agencies and telecom carriers, a multi-layered defense strategy is essential," O. said.
He called for "stricter identity verification" for telecom services and "robust international law enforcement coordination" to combat cross-border cybercrime operations since “this involved Chinese criminal organizations.”