Overseas hacking ring leader arrested for embezzlement

In January last year, 33,500 HYBE shares suddenly disappeared from BTS member Jungkook’s brokerage account. Someone reportedly used Jungkook’s name to steal shares worth about 8.4 billion won at the time. He had enlisted in the military a month earlier. BigHit Music, his agency, quickly froze the account after noticing the suspicious transactions, preventing any actual financial loss.

These suspicious stock transactions were not isolated incidents. In October 2023, about 2.5 billion won worth of Ecopro shares were sold from the account of former Ecopro Chairman Lee Dong-chae, who was serving a prison sentence after being convicted of trading under a borrowed name. Someone reportedly used Lee’s name to sell the shares and attempted to transfer them to another account. Earlier last year, former Kakao Chief Investment Officer Bae Jae-hyun, who was in prison on charges of violating the Capital Markets Act, also had his personal information hacked, resulting in the withdrawal of hundreds of millions of won.

An overseas hacking ring leader has been arrested for allegedly using the identities of celebrities, major company chairmen, and venture business leaders to embezzle about 38 billion won. Police plan to seek an arrest warrant after completing their investigation.

On Aug. 22, the Ministry of Justice announced that A, a 34-year-old Chinese national and leader of the hacking organization, was extradited from Bangkok, Thailand, to Incheon Airport. From August 2023 to January last year, A organized an overseas hacking ring, including operations in Thailand, and stole personal information such as ID details by infiltrating telecommunications company websites. The group then fraudulently opened prepaid mobile phone accounts in victims’ names, installed brokerage apps on the phones, and downloaded digital certificates to siphon funds from victims’ bank and cryptocurrency accounts.

Investigators found that the hacking ring also used bold methods, such as applying for loans using victims’ stock holdings as collateral or creating new accounts at other brokerages to transfer the shares. The group reportedly exploited a loophole in the open banking system, which allows a single account to access and manage holdings across multiple financial institutions.

According to the Ministry of Justice, there are roughly 20 confirmed victims, including celebrities, major company chairmen, and venture business leaders, with total losses reaching about 38 billion won. The investigation also found that the hackers targeted individuals whose assets were difficult to monitor, including Jungkook, who was serving in the military, as well as other victims who were incarcerated at the time.

The Ministry of Justice said it tracked A’s whereabouts with the Seoul Metropolitan Police Agency and Interpol and received intelligence in April that he had entered Thailand, prompting an urgent extradition request to Thai authorities. An urgent extradition request is a system that allows authorities to detain a fugitive traveling through multiple countries before a formal request is filed. Working with the Southeast Asia cooperation network and Interpol, the ministry secured A’s custody within two weeks.

On Aug. 22, the Seoul Metropolitan Police Agency’s Cyber Investigation Unit said it will question suspects and analyze materials seized in connection with A. A police official said, “After the investigation, we will seek an arrest warrant for A. Given the significant social impact, we will carry out a thorough investigation.” The Ministry of Justice added, “Through the recently launched task force to respond to overseas voice phishing crimes, we will track and punish hacking, voice phishing, and online fraud organizations operating abroad.”