A coordinated international hacking group has been dismantled in South Korea after stealing nearly 39 billion won ($28.1 million) from high-profile individuals, including BTS member Jungkook.
Authorities arrested 16 suspects, with two ringleaders, identified only as Mr. A (35) and Mr. B (40), captured following operations in Bangkok with Interpol and Thai police.
Between July 2023 and April 2024, the group breached six poorly protected websites across government agencies, IT platforms, and financial institutions.
Investigators said they accessed personal and financial information from 258 victims, including 75 business leaders, 11 lawyers and officials, 12 celebrities, six athletes, and 28 cryptocurrency investors.
The combined holdings of these accounts reportedly exceeded 55.22 trillion won, with some individuals controlling more than 12 trillion won.
Using stolen identities, the hackers registered 118 mobile SIM cards under 89 victims’ names.
These accounts allowed them to bypass verification systems and withdraw funds from both bank and crypto accounts.
While 39 billion won was successfully stolen from 16 victims, financial institutions blocked another 25 billion won in attempted thefts.
The largest confirmed single loss was 21.3 billion won in digital assets.
Among the targets was BTS star Jungkook, whose brokerage account faced an attempted theft of 8.4 billion won worth of HYBE stock.
Officials intervened after suspicious activity was flagged, freezing transactions and preventing actual losses.
Police reported that 12.8 billion won has been recovered through rapid action, including account freezes and withdrawal blocks.
The investigation began after reports of unauthorised mobile activations were filed at Namdaemun Police Station in September 2023.
Namdaemun Police Station
Suspects were apprehended gradually between November 2023 and April 2024.
The two main ringleaders, who frequently travelled between China and Thailand, were arrested in Bangkok in May.
Mr. A has been extradited to South Korea and faces 11 charges, including fraud and hacking, while Mr. B remains in Thai custody awaiting extradition.
Three suspects remain detained in South Korea, with others facing prosecution under the Information and Communications Network Act.
Oh Gyu-sik, head of Seoul’s 2nd Cyber Investigation Unit, said,
“This incident of bypassing the non-face-to-face authentication system is unprecedented. Given the scale of the accounts they accessed, the damage could have been even greater. We will work to strengthen response systems and better protect citizens’ financial security.”
The hacking case highlights growing vulnerabilities in digital finance, particularly as South Korea remains a leading market for cryptocurrency.
In 2024, Chainalysis reported $130 billion in regional inflows, with more than 10.8 million Koreans trading digital assets.
Over 10,000 investors hold balances above 1 billion won, mainly younger traders in their 20s, who report the highest average holdings.
Recent incidents show a pattern of fraud exploiting digital finance, from fake crypto investment schemes defrauding dozens of victims to senior officials misappropriating funds from bogus projects.
Prosecutors are also investigating large-scale money laundering through platforms such as Neteller Pay, which reportedly processed 943.4 billion won between 2019 and 2024.
Authorities are now preparing regulatory measures, including the approval of South Korea’s first spot crypto ETFs and a won-pegged stablecoin, while exchanges like Upbit expand custody services for institutional investors.
Investigators noted that the hackers deliberately focused on wealthy individuals unlikely to respond quickly, such as those in prison or military service.
The operation demonstrates how gaps in non-face-to-face authentication systems can be exploited, even against highly visible targets like celebrities and business leaders.
The case remains under active investigation, with authorities seeking further evidence against Mr. B and other accomplices.
The scale of the operation and cross-border coordination underline the complexity of cybercrime in South Korea’s rapidly evolving digital economy.
The legitimacy of “Trump Coin” ($DJT), supposedly launched by Donald Trump and his son Barron, is under heavy scrutiny, with many suspecting it might be a scam due to various red flags and lack of official confirmation. Despite the hype, skepticism pervades the crypto community about the token’s authenticity and potential for market manipulation.
WeatherlyScam Sniffer has recently reported a concerning surge in cryptocurrency theft in 2023. This surge can be attributed to the rising complexity of phishing scams.
ZoeyAuthorities are taking note of crypto scams and potential ways to deal with them.
BeincryptoCryptocurrency regulation is getting more challenging in the United States following several cases of fraud and crashes of crypto-related firms.
BitcoinistSince this revelation, Paul has responded to Coffeezilla’s expose. Paul claims that the report is ‘simply not true’.
OthersA range of sketches show the changes the fraudster might have endured to evade capture.
BeincryptoCrypto scams involving bogus giveaways have grown into a black market industry of sorts with several services designed to support fraudulent activities.
BitcoinistBitcoinistGoogle's threat analysis team attributed the attacks to a group of hackers recruited in a Russian-language forum to sell hacked YouTube channels to the highest bidder.
CointelegraphViewers of the documentary, especially those who knew the full story, resonated with the founder's conspiracy theory of faked deaths.
Cointelegraph