North Korean Cyberattacks on South Korean Cryptocurrency Exchanges
Recent findings have drawn significant attention to the involvement of North Korean hacking entities in numerous cyberattacks on cryptocurrency exchanges situated in South Korea since 2018. A comprehensive assessment released by Crystal Intelligence, dubbed the 2026 South Korea Country Assessment Report, indicates that the notorious Lazarus Group, a cybercrime unit supported by the North Korean government, has been implicated in a staggering six out of nine major breaches targeting South Korean platforms from 2017 through 2025. The total losses from these breaches have been estimated at between $196 million and $225 million, with confirmed thefts surpassing $120 million.
Key Incidents and Trends
The report outlines several key incidents, including a significant attack on a major exchange in November 2025, where approximately $30.4 million was stolen. While this case is still being investigated, connections to the Lazarus Group are believed to exist. Previous attacks attributed to this group include a 2019 theft of $49 million worth of Ethereum and a 2022 cross-chain exploit reaching $100 million.
In a broader context, external analyses by Chainalysis, CertiK, and Elliptic have classified North Korea as the leading perpetrator in global cryptocurrency theft, with an estimated loss of $2.02 billion in 2025 alone, which constitutes about 60% of the total crypto theft reported globally that year, approximately $3.4 billion. Chainalysis researchers have noted that North Korean hackers are using increasingly sophisticated tactics, such as infiltrating crypto firms by employing insiders who provide them with access to sensitive company data.
Illegal Cryptocurrency Transactions
The report also reveals an alarming trend regarding illegal cryptocurrency transactions within South Korea, amounting to $7.1 billion between 2021 and August 2025, with a substantial portion—about $6.4 billion—attributed to a network known as Hwanchigi. This operation allegedly converts funds into cryptocurrency offshore before laundering it through domestic exchanges and subsequently cashing it out. Tracking such transactions remains particularly challenging due to their operation across various jurisdictions, which evade standard oversight mechanisms.
An example highlighted in the report details South Korean customs officials dismantling a sophisticated Hwanchigi scheme in January 2026, which had been the focus of a four-year investigation and involved $113 million. Additionally, two Russian individuals were reported to have facilitated over 6,000 transactions valued at $42 million through a laundering corridor connecting Russia and South Korea.
Peer-to-Peer Trading and Fraud Incidents
The report indicates that peer-to-peer (P2P) trading remains prevalent, often circumventing regulatory structures, with settlements linked to Chinese payment infrastructures and various remittance services. Such methods undermine effective tracking due to the evasion of the real-name verification protocols mandated in South Korea. Privacy-centric cryptocurrencies like Monero have appeared in numerous listings, raising red flags regarding potential money laundering activities.
Furthermore, rising fraud incidents within the South Korean crypto community have been noted, with investment scams termed “pig-butchering” leading to losses amounting to $70.6 million across 1,565 cases in 2025—a significant 48% increase from the previous year’s statistics. Concerningly, around 1,000 South Koreans have been found linked to scam operations across regions such as Cambodia, Myanmar, and Laos. Notably, a deepfake-related fraud scheme in January 2026 resulted in the repatriation of 73 victims, who collectively incurred losses around $33 million.
Regulatory Responses
In response to the escalating threats and vulnerabilities within the cryptocurrency landscape, South Korean regulators have tightened their grip on oversight within the sector. Regulations now require that all virtual asset service providers register with the Korea Financial Intelligence Unit (KFIU) and maintain accounts that comply with real-name verification laws. The KFIU took decisive action in March 2026, imposing a hefty $24.6 million fine and a six-month partial suspension on a domestic exchange due to over 6.65 million alleged violations of anti-money laundering regulations. Although a Seoul Administrative Court later annulled the suspension in May 2026, the enforcement effort represents a significant moment in South Korea’s ongoing battle against financial crime in the cryptocurrency sector.
