Extradition of Lithuanian Man for Cryptocurrency Theft
A Lithuanian man, aged 29, has been extradited from South Korea, where he faced accusations of orchestrating a sophisticated theft of approximately $1.8 million in digital currencies. This extradition, confirmed by the National Office of Investigation (NOI) on Sunday, comes after an extensive five-year investigation that crossed international borders.
Details of the Theft Scheme
According to authorities, the suspect was allegedly behind a scheme that involved the use of advanced malware to illegally reroute cryptocurrency transactions, siphoning funds directly into his own accounts. Over a period from April 2020 to January 2023, users in South Korea, along with individuals from various other countries, became targets of this malicious operation.
Central to the hacker’s strategy was the distribution of a malware known as KMSAuto, which was deceptively presented as a tool for activating Microsoft Windows software. This method attracted many users looking to bypass legitimate licensing fees for the operating system. Investigators reported that KMSAuto was downloaded more than 2 million times globally. Once installed, the malware utilized sophisticated memory-hacking techniques to change cryptocurrency wallet addresses during transactions in real-time, allowing the hacker to secretly divert the funds without the users’ awareness.
Impact on Victims
The scheme primarily focused on users who relied on unlicensed Windows activation tools. In total, over 3,100 cryptocurrency wallets were compromised due to this malware. The hacker managed to intercept a total of 840 transactions, resulting in the theft of 1.7 billion won. Notably, eight South Korean victims collectively lost around 16 million won. The case escalated in August 2020, when one victim reported losing one Bitcoin, which at that time was worth roughly 12 million won. The victim had transferred cryptocurrency to a known wallet, only to find it redirected elsewhere.
Investigation and Arrest
In the course of the investigation, authorities traced the stolen assets through various local exchanges and uncovered similar complaints from additional Korean victims, which prompted further inquiry. The suspect was ultimately identified through meticulous digital forensic work and cooperation among international law enforcement.
Late last December, South Korean authorities sought assistance from their Lithuanian counterparts, including the Ministry of Justice and local police, leading to a raid on the suspect’s residence in Lithuania. During this operation, law enforcement seized 22 items, including mobile phones and laptops, considered crucial for the investigation. Subsequently, South Korean police submitted a red notice request to Interpol to facilitate the prosecution of the accused.
