International Hacking Ring Exposed: $28.1 Million Stolen From South Korea's Elite Through Crypto and Finance Accounts

A sophisticated cybercriminal network operating across China and Thailand systematically plundered financial and digital asset accounts belonging to 258 high-net-worth South Koreans, according to Seoul authorities. The heist, which unfolded between mid-2023 and early 2024, resulted in confirmed losses of $28.1 million, with the largest single crypto theft valued at $15.4 million.

How the Attack Unfolded

The operation was anything but random. Police revealed that the 16 arrested suspects—led by two Chinese organizers—executed a multi-stage infiltration strategy. First, they breached government and financial institution databases to harvest personal data of wealthy targets. Armed with this information, the criminals generated more than 100 fake phone accounts, which they weaponized to circumvent security authentication systems and gain unauthorized entry to victims’ banking portals and crypto wallets.

The scope of potential damage far exceeded what actually materialized. While theft attempts were made against only 26 of the 258 profiled individuals, the targeted accounts collectively held $39.8 billion in assets. Financial institutions managed to intercept and block $18 million in attempted unauthorized transfers, preventing additional harm to 10 victims.

Crypto Investors: Premium Targets

Among those targeted were 28 crypto investors, alongside 75 corporate executives, 12 entertainment celebrities, and 6 professional athletes. Jungkook of BTS became a notable case: hackers tried to liquidate $6.1 million in entertainment company holdings, but banking safeguards and his management team intervened before the transaction completed.

Ultimately, authorities recovered $9.2 million and returned it to affected victims through rapid intervention protocols.

A Systemic Security Gap

Experts flagged a troubling pattern. The hacking ring’s ability to compromise government and telecommunications infrastructure—then exploit that access to target elite individuals—represents an escalating threat level. The breach of non-face-to-face authentication systems was branded “unprecedented” by Korean law enforcement.

Industry observers noted that crypto holders face particular vulnerability as high-value targets for international criminal syndicates. The coordinated nature of this operation—sourcing victim data, manufacturing fraudulent access points, and executing simultaneous theft attempts—demonstrates how organized international crime has professionalized attacks on digital asset holders.

South Korean officials emphasized that a layered defense strategy is now essential, including stricter identity verification for telecom services and enhanced cross-border law enforcement collaboration to dismantle transnational cybercrime networks before they escalate further.