Seoul Detained Hackers: 39B Won, Among the Victims BTS Jungkook

Seoul detained hackers: 39B won, among the victims BTS Jungkook – the largest episode 21.3B in crypto; 12.8B returned; 25B attempts prevented. The operation is extremely wide in scope; there were 258 victims: 75 businesspeople, among whom was one of the top-100 group entrepreneurs, also 11 lawyers and public officials, 12 celebrities, 6 athletes, and 28 investors. There are many details; let’s look at them in more detail.

Join BloFin and qualify for up to $1,000 today

Start Trading

Operation Scale and Scheme

The Seoul Cyber Investigation Unit emphasizes that this concerns an international group that combined hacking six websites of government and public institutions, IT platforms, and financial organizations with the theft of personal and authentication data, and then illegally issued budget phones under non-face-to-face procedures. For this, they created an entire infrastructure, through which 118 SIMs were issued in the names of 89 victims for identity verification.

Speaking about the attack scheme itself, the organizers, Mr. A (35) and Mr. B (40), moved between China and Thailand, formed criminal groups, and from July 2023 to April 2025, carried out hacks of resources with vulnerable protection.

At the stage of initial access, the identifiers and authentication data of 258 persons were stolen. After collecting the data, the attackers ranked targets by the size of available balances: the total balance of the targeted accounts reached 55.22 trillion won, and as the ultimate target, an account with a balance of 12 trillion won was mentioned.

A technically critical element was the ability to issue SIMs in the names of victims and pass identity verification via channels that depend on phone numbers. In such scenarios, SMS verification can become a point of compromise, and accounts in crypto services where a phone is used as a second factor are potentially extremely vulnerable.

To learn more about advanced methods to secure your assets, see our Complete Guide to Self-Custody in Crypto: Security, Strategy, and Responsibility.

Damage, Prevented Episodes, and Recovery of Funds

Gaining access to the bank and virtual accounts of 16 victims through the issued budget phones, the attackers withdrew a total of 39 billion won, which is ~$28M. Additionally, the attackers attempted to withdraw 25 billion won from 10 victims, but these were blocked by financial organizations at the transaction stage.

Separately noteworthy is the case with Jungkook, where financial institutions detected an anomaly and suspended the payment, which did not lead to actual damage. The police also separately mention an attempt to divert a package of Hive shares worth 8.4 billion won. As of today, it was possible to return 12.8 billion won thanks to police withdrawal, blocking, and freezing measures.

Course of the Investigation, Arrests, and Legal Classification

After the first reports of illegal issuance of phones received by the Namdaemun Police Station, a direct investigation was launched in September 2023. From November 2023 to April, 16 members of the organization were gradually detained, including four midterm bookmakers.

The two ringleaders were arrested in Bangkok in May in the framework of international coordinated investigations, including an Interpol Red Notice; two ringleaders of Chinese nationality were identified. Mr. A was repatriated to Korea on August 22. Mr. B is being held in custody in Thailand.

According to the police, Mr. A was detained at the very moment of committing the crime; electronic devices used in the scheme were seized. On the 24th, they were charged with 11 counts, including violations of the Information and Communications Network Act and the Specific Economic Crimes Act (Fraud). The head of the 2nd Cyber Investigation Team of the Seoul Metropolitan Police Agency, Oh Gyu-sik, stated that the incident, which bypassed the non-face-to-face authentication system and affected a large array of verified accounts, was unprecedented and that the agency will quickly engage the response system of relevant organizations to minimize subsequent damage and protect public and personal assets.

Join BloFin and qualify for up to $1,000 today

Start Trading

Conclusion

A security bottleneck, especially in Web2, remains the theft of personal and authentication data through hacks, gaining control over phone numbers via non-face-to-face procedures, and the further use of these channels in identity verification.

Because of this, much remains on the user’s responsibility, as well as on chance. Always stay attentive, do not share your data, and use the maximum security methods for your accounts, especially those that are connected to your digital assets.