Lithuanian Hacker Extradited to Korea After ₹10 Cr Crypto Heist via Sneaky Malware

The420.in Staff

South Korea’s cyber sleuths scored a major win, extraditing a 29-year-old Lithuanian hacker who siphoned off 1.7 billion won ($1.18 million) in cryptocurrency from victims worldwide, including eight Koreans who lost a combined 16 million won. The National Office of Investigation (NOI) under the Korean National Police Agency announced the arrest Sunday after a grueling five-year-four-month global chase.

From April 2020 to January 2023, the suspect unleashed KMSAuto malware, which masqueraded as free Microsoft Windows activation software and was downloaded 2.8 million times globally. The malicious code used “memory hacking” to silently swap victims’ wallet addresses during transactions, redirecting funds to the hacker’s accounts undetected.

Over 3,100 wallets were infected across 8,400+ transactions. NOI’s probe began in August 2020 after a Korean lost 1 BTC (worth 12 million won at the time). Tracing assets through six countries and local exchanges uncovered seven more domestic victims.

5-Year Manhunt: From Lithuania to Georgia

In December 2024, Lithuanian authorities raided the suspect’s home at Korea’s request, seizing 22 devices (phones, laptops). An Interpol Red Notice triggered his April arrest in Georgia, and his extradition was finalized for prosecution in Korea.

The NOI arrested him on arrival under a court warrant. The National Police Agency declared:

“We’ll pursue overseas cybercriminals targeting Koreans through transnational cooperation.” Cyber chief Park Woo-hyun vowed: “Firm response to borderless crime via global law enforcement and extradition.”

KMSAuto: Legit Tool Turned Lethal Thief

Targeting unlicensed Windows users, KMSAuto exploited clipboard/wallet memory, auto-replacing pasted addresses mid-transaction. Victims saw “successful” sends; hackers pocketed the loot. Hardware wallets and address verification were bypassed.

India faces similar threats: ₹18,000 Cr in cyber losses in 2025, with I4C chasing overseas gangs via MLATs. Lessons: scan downloads, use official activators.

Crypto Protection Kit:

  • Hardware wallets (Ledger/Trezor)—offline keys.
  • Manual address verification—twice.
  • Multi-signature for big holdings.
  • Antivirus + EDR for memory threats.
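
The address swap described above leaves a recognizable trace in clipboard telemetry: an address is replaced by a different address of the same type with no copy action by the user. The sketch below is an added example, not part of the original article or any vendor's product; the `ClipEvent` format, the `user_copy` field, the address patterns and the 2-second window are assumptions, and the sample events are constructed.

```python
import re
from dataclasses import dataclass

# Address *shapes* only (no checksum validation); enough to spot a swap.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

@dataclass
class ClipEvent:
    ts: float        # seconds since start of capture
    text: str        # clipboard contents after the change
    user_copy: bool  # assumed telemetry: change followed a user copy action

def address_kind(text):
    """Return the address family the whole string matches, or None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None

def find_swaps(events, window=2.0):
    """Flag an address replaced by a different address of the same family,
    with no user copy action, within `window` seconds."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        kind = address_kind(prev.text)
        if (kind is not None
                and address_kind(cur.text) == kind
                and cur.text.strip() != prev.text.strip()
                and not cur.user_copy
                and cur.ts - prev.ts <= window):
            alerts.append((cur.ts, kind, prev.text.strip(), cur.text.strip()))
    return alerts

# Constructed sample events (not real addresses or real telemetry).
SAMPLE = [
    ClipEvent(10.0, "meeting notes", True),
    ClipEvent(42.0, "0x" + "a1" * 20, True),    # user copies recipient
    ClipEvent(42.3, "0x" + "b2" * 20, False),   # silently replaced
    ClipEvent(90.0, "1" + "B" * 33, True),      # user copies an address
    ClipEvent(91.0, "1" + "C" * 33, True),      # user copies another: benign
]

if __name__ == "__main__":
    for ts, kind, old, new in find_swaps(SAMPLE):
        print(f"t={ts}: {kind} address swapped {old[:8]}... -> {new[:8]}...")
```

The same comparison applies to manual verification: check the full pasted address against the intended one, since a replacement of the same type passes a glance at its format.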

This extradition spotlights international policing gains, with Interpol and MLATs bridging borders. As crypto scams evolve (wallet drainers, seed phrase phishing), vigilance and tech vigilance are essential. Korea’s win warns: No hiding place for digital thieves.
