“I’ll move it to a safe wallet”… The method of stealing 6.5 billion won worth of Bitcoin without hacking technology.

Criminals Who Embezzled 5.9 Billion Won Worth of Bitcoin Caught After Offering to Help with Virtual Asset Wallet Transfer

Individuals who approached with claims of safer ways to store coins transformed overnight into criminals who stole virtual assets.

Unaware of their intentions, the victim entrusted acquaintances with the task of moving the wallet. In the process, the acquaintances discovered the victim's recovery phrase and embezzled Bitcoin worth tens of billions of won into their own wallets.

On the 25th, the Seoul Metropolitan Police Agency announced that they had arrested a group of four men in their 30s who, in January of last year, illegally recovered 45 Bitcoins from the victim's virtual asset wallet and stole approximately 2.4 billion won (currently worth about 5.9 billion won).

The principal offender, A, planned the crime, while the Thai national, B, laundered the criminal proceeds in Thai baht. Both of these individuals were arrested after police tracking and have recently been handed over to the prosecution.

Employees B and C, who were responsible for managing and laundering the proceeds, are undergoing investigations without detention.

Bitcoin Theft Through Abuse of Trust with 'Social Engineering Hacking'

The arrested group began meticulous groundwork in 2022. At the time, the victim, unfamiliar with Bitcoin investment, purchased a cold wallet upon the suggestion of acquaintances (the defendants) who claimed, "To store it safely, use a cold wallet."

A cold wallet is a cryptocurrency storage device, similar to an external USB drive, that is not connected to the internet and is therefore considered safer from hacking.

During this process, users must generate a mnemonic code (recovery phrase).

The defendants helped the victim transfer the wallet in early 2023 while secretly storing the recovery phrase they discovered. About a year later, they used this phrase to surreptitiously recover the victim's 45 Bitcoins into their wallets.

They also proceeded with money laundering by dividing the embezzled coins across multiple virtual asset exchanges. Some Bitcoins were converted into cash in Thailand's shadow market to evade tracking.

After a 10-month investigation, the police uncovered the group's activities and secured evidence, leading to the arrest of all suspects. Of the 45 Bitcoins embezzled, 25 were returned to the victim, and the police plan to confiscate and recoup the remaining criminal proceeds in the future.

Virtual Asset Security Requires More than Technical Defenses

A notable aspect of this case is that the hackers did not employ highly advanced techniques but engaged in 'social engineering hacking' based on personal trust with the victim.

'Social engineering hacking' refers to a type of hacking that induces users to click on problematic links or voluntarily provide personal information through sophisticated fraud calls, text messages, or emails.

A police official stated, "The victim was relaxed and willingly provided their recovery phrase under the assurance that their wallet would be safely moved, and the defendants exploited this trust to commit the crime. Virtual assets are based on strong technological systems, but lack of individual security awareness can still lead to asset theft."

Image sources: Seoul Metropolitan Police Agency panoramic view / News1, defendants laundered the Bitcoin obtained from their crime into cash in Thailand / Seoul Metropolitan Police Agency, cold wallet used by defendants in the crime. Bitcoin storage device / Seoul Metropolitan Police Agency.