Last week, the Seoul Metropolitan Police Agency (SMPA) announced that it has dismantled one of the most sophisticated cybercrime operations in recent history. Their meticulous two-year investigation uncovered a shocking theft of 39 billion won (approximately $30 million) from 258 high-profile victims, including corporate executives. The international hacking organization had employed methods so advanced and audacious that they stunned even veteran investigators. Although these criminals attempted to obscure their tracks through cryptocurrency, the skilled investigators at SMPA were able to leverage cutting-edge blockchain intelligence tools to follow the digital breadcrumbs.
The case: A bold cybercriminal enterprise
In September 2023, the Seoul Metropolitan Police Agency’s Cyber Investigation Team received what seemed like a routine complaint from a domestic CEO about unauthorized account access. By December, these reports had multiplied, revealing a pattern of unauthorized phone accounts being used to drain funds from victims’ accounts.
What investigators uncovered was an elaborate criminal enterprise targeting South Korea’s wealthiest individuals. The operation was sophisticated: after successfully hacking victims’ personal information and stealing funds, the criminals would impersonate agency employees and approach victims’ family members to gather even more personal data, preparing for additional thefts.
“It’s a criminal method that I could never have imagined,” said Kim Kyung-hwan, the head of the Seoul Metropolitan Police Agency’s Cyber Crime Investigation Team.
Following the funds on-chain with Chainalysis
As in many modern financial crimes, the hackers attempted to complicate the investigation by converting stolen funds into cryptocurrency. This is where Chainalysis’ blockchain data platform became critical to the investigation.
The Seoul Metropolitan Police Agency leveraged Chainalysis’ solutions to untangle a complex web of cryptocurrency transactions. By using Chainalysis Reactor, investigators could visualize and track the flow of illicit funds across the blockchain ecosystem, revealing connections that would have otherwise remained hidden.
A Chainalysis Reactor graph was specifically mentioned in reporting about the case, demonstrating how our technology provided crucial insights into the criminal organization’s financial movements. The criminals tried to make tracking of the illicit funds difficult by converting all criminal proceeds into cryptocurrency, but the inherent transparency of the blockchain combined with our advanced blockchain intelligence tools makes this strategy moot.
The investigation ultimately expanded beyond South Korea’s borders. The group’s leader, identified only as “Mr. A”, primarily resided in China and Thailand, necessitating international cooperation.
Working with Interpol, investigators tracked the target to Thailand. By analyzing patterns of behavior — from golf course visits to hotel stays — law enforcement finally captured Mr A, who was subsequently extradited to Korea after 106 days.
Blockchain intelligence: A crucial investigative tool
This case exemplifies why Chainalysis’s solutions have become essential components of modern financial criminal investigations:
- Tracing the untraceable: When criminals attempt to use cryptocurrency to obscure their tracks, Chainalysis tools provide the transparency needed to follow the money. In this case, even as funds moved across different asset types, our platform maintained visibility.
- Visualizing complex networks: The visualization capabilities of Chainalysis Reactor allowed investigators to understand and map the relationships between transactions, addresses, and entities.
- Enabling asset recovery: Of the 39 billion won stolen, 14 billion won was recovered — a process that can only be achieved when backed by quality data. It is also important to remember that the seizure of illicit funds will be critical to crippling criminal operations and preventing reinvestment in illicit activities.
The successful conclusion of this investigation sends a powerful message: cryptocurrency is not the haven for criminal activity that some might believe. As Superintendent Kim Jae-hyun of the National Police Agency’s Interpol Cooperation Unit stated regarding fugitives who believe they can’t be caught: “You will definitely be caught someday.”
The evolution of crypto-enabled crime and investigation
As cryptocurrency adoption continues to grow globally, we’re seeing criminal techniques evolve in parallel. This case demonstrates how criminals are incorporating virtual assets into traditional financial crimes to add layers of complexity.
However, this evolution is matched by continuous improvements in blockchain analytics technology. At Chainalysis, we’re constantly enhancing our solutions to ensure law enforcement and organizations stay ahead of emerging threats.
Through close collaboration with law enforcement agencies across the globe, like the Seoul Metropolitan Police Agency, we’re building a safer cryptocurrency ecosystem — one where transparency ultimately prevails over attempts to hide illicit activity.
With every successful case, the message becomes clearer: blockchain analysis is revolutionizing how financial crimes are investigated, making cryptocurrency an increasingly hostile environment for would-be criminals.
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.