South Korea Breaks Up International Hacking Ring Targeting Celebrities and Executives
A coordinated international hacking group has been dismantled in South Korea after stealing nearly 39 billion won ($28.1 million) from high-profile individuals, including BTS member Jungkook.
Authorities arrested 16 suspects, with two ringleaders, identified only as Mr. A (35) and Mr. B (40), captured following operations in Bangkok with Interpol and Thai police.
How Hackers Exploited Weak Security
Between July 2023 and April 2024, the group breached six poorly protected websites across government agencies, IT platforms, and financial institutions.
Investigators said they accessed personal and financial information from 258 victims, including 75 business leaders, 11 lawyers and officials, 12 celebrities, six athletes, and 28 cryptocurrency investors.
The combined holdings of these accounts reportedly exceeded 55.22 trillion won, with some individuals controlling more than 12 trillion won.
Using stolen identities, the hackers registered 118 mobile SIM cards under 89 victims’ names.
These accounts allowed them to bypass verification systems and withdraw funds from both bank and crypto accounts.
While 39 billion won was successfully stolen from 16 victims, financial institutions blocked another 25 billion won in attempted thefts.
The largest confirmed single loss was 21.3 billion won in digital assets.
Jungkook Targeted in High-Value Attempt
Among the targets was BTS star Jungkook, whose brokerage account faced an attempted theft of 8.4 billion won worth of HYBE stock.
Officials intervened after suspicious activity was flagged, freezing transactions and preventing actual losses.
Police reported that 12.8 billion won has been recovered through rapid action, including account freezes and withdrawal blocks.
Cross-Border Arrests and Ongoing Investigation
The investigation began after reports of unauthorised mobile activations were filed at Namdaemun Police Station in September 2023.
Namdaemun Police Station
Suspects were apprehended gradually between November 2023 and April 2024.
The two main ringleaders, who frequently travelled between China and Thailand, were arrested in Bangkok in May.
Mr. A has been extradited to South Korea and faces 11 charges, including fraud and hacking, while Mr. B remains in Thai custody awaiting extradition.
Three suspects remain detained in South Korea, with others facing prosecution under the Information and Communications Network Act.
Oh Gyu-sik, head of Seoul’s 2nd Cyber Investigation Unit, said,
“This incident of bypassing the non-face-to-face authentication system is unprecedented. Given the scale of the accounts they accessed, the damage could have been even greater. We will work to strengthen response systems and better protect citizens’ financial security.”
Rising Threat of Crypto-Linked Fraud in South Korea
The hacking case highlights growing vulnerabilities in digital finance, particularly as South Korea remains a leading market for cryptocurrency.
In 2024, Chainalysis reported $130 billion in regional inflows, with more than 10.8 million Koreans trading digital assets.
Over 10,000 investors hold balances above 1 billion won, mainly younger traders in their 20s, who report the highest average holdings.
Recent incidents show a pattern of fraud exploiting digital finance, from fake crypto investment schemes defrauding dozens of victims to senior officials misappropriating funds from bogus projects.
Prosecutors are also investigating large-scale money laundering through platforms such as Neteller Pay, which reportedly processed 943.4 billion won between 2019 and 2024.
Authorities are now preparing regulatory measures, including the approval of South Korea’s first spot crypto ETFs and a won-pegged stablecoin, while exchanges like Upbit expand custody services for institutional investors.
Were Celebrity and High-Profile Accounts an Easy Target?
Investigators noted that the hackers deliberately focused on wealthy individuals unlikely to respond quickly, such as those in prison or military service.
The operation demonstrates how gaps in non-face-to-face authentication systems can be exploited, even against highly visible targets like celebrities and business leaders.
The case remains under active investigation, with authorities seeking further evidence against Mr. B and other accomplices.
The scale of the operation and cross-border coordination underline the complexity of cybercrime in South Korea’s rapidly evolving digital economy.