The cryptocurrency world faced a stark reminder of its security vulnerabilities on December 19, 2017, as South Korean exchange Youbit announced it was shutting down and filing for bankruptcy after suffering its second cyberattack in less than eight months. The incident, which saw the exchange lose 17% of its total digital assets, sent shockwaves through an already volatile market where bitcoin was trading near $17,777 after hitting an all-time high above $19,000 just days earlier.
TL;DR
- South Korean crypto exchange Youbit files for bankruptcy after losing 17% of assets in its second hack of 2017
- North Korean state-sponsored hacking group Lazarus suspected of orchestrating the attacks
- Customers expected to recover approximately 75% of their deposited cryptocurrency value
- Attack coincides with US officially blaming North Korea for the WannaCry ransomware attack
- Incident highlights growing cybersecurity threats targeting cryptocurrency exchanges during the 2017 bull run
Youbit Forced Into Bankruptcy After Devastating Second Breach
Youbit, formerly known as Yapizon, had already endured a significant breach in April 2017 when hackers stole 3,816 bitcoins — a haul worth roughly $5 million at the time of the theft but valued at approximately $73 million by mid-December given bitcoin’s extraordinary price appreciation throughout the year. The second attack, which struck on December 19, targeted the exchange’s hot wallet — the online-connected storage used to process instant withdrawals.
In a statement released to customers, Youbit confirmed that it would be ceasing operations immediately and filing for bankruptcy. The exchange assured users they would receive back approximately 75% of the value of cryptocurrency they had deposited, with the remaining balance lost to the attackers. The exchange noted that the hackers had not managed to drain all of its holdings because a significant portion was stored in cold wallets — offline storage systems that are not connected to the internet and therefore far more difficult to compromise.
North Korea’s Lazarus Group: A Growing Threat to Crypto Infrastructure
South Korea’s Internet and Security Agency (KISA), the government body responsible for investigating cybercrime, launched an immediate inquiry into the breach. The agency had previously attributed the April attack on Youbit to cyber-spies working on behalf of North Korea, and security experts quickly pointed to the same perpetrators for the December incident.
The prime suspect is the Lazarus Group, a notoriously sophisticated hacking collective that cybersecurity firms and intelligence agencies have linked directly to the North Korean regime. The group, which includes sub-units such as BlueNoroff — focused specifically on financial crime — has been implicated in some of the most significant cyberattacks of the past decade. These include the devastating WannaCry ransomware attack that crippled hospitals, banks, and businesses worldwide in May 2017, the 2016 theft of $81 million from Bangladesh’s central bank through its account at the Federal Reserve Bank of New York, and the 2014 Sony Pictures hack.
Chris Doman, a threat engineer at security firm AlienVault, told media that he first observed Lazarus targeting bitcoin companies in May 2017 — the same month as the WannaCry outbreak. “While attacks by Lazarus have mainly been aimed at social disruption, recent reports indicate the group is increasingly going after money,” Doman explained.
Timing Coincides With US Condemnation of North Korea
The Youbit attack came on the very same day that US Homeland Security Adviser Tom Bossert publicly blamed North Korea for the WannaCry ransomware attack, vowing to hold Pyongyang accountable. The dual developments underscored a pattern of escalating state-sponsored cybercrime emanating from the isolated nation, which has increasingly turned to cryptocurrency theft as a means of raising foreign currency to circumvent economic sanctions.
South Korea’s Financial Security Institute had recently published a report explicitly blaming the North Korean regime for orchestrating cryptocurrency exchange attacks as a means of generating desperately needed foreign currency. The attacks on Bithumb, Coinis, and now Youbit for a second time appeared to confirm this assessment.
A Broader Epidemic of Exchange Hacks
The Youbit incident was not an isolated event in the rapidly expanding cryptocurrency ecosystem. Just weeks earlier, NiceHash, a Slovenia-based cryptocurrency mining marketplace, had been hacked for more than $80 million in bitcoin. The pattern of increasingly brazen attacks on exchanges reflected the growing attractiveness of cryptocurrency platforms as targets, given the soaring valuations across the market.
Bitcoin itself had surged from approximately $1,000 at the beginning of 2017 to over $19,000 by mid-December — a nearly 1,900% increase that attracted both legitimate investors and sophisticated criminals. Ethereum was trading at $826, having gained over 33% in just the previous week, while the total cryptocurrency market capitalization had swelled to approximately $580 billion.
Despite its closure, Youbit was a relatively small player in South Korea’s crypto market. Bithumb, the country’s dominant exchange, commanded roughly 70% of domestic trading volume. However, the attack raised serious questions about the security standards across the entire exchange ecosystem, particularly at smaller platforms with fewer resources to invest in cybersecurity infrastructure.
Why This Matters
The Youbit hack and shutdown marked one of the first major exchange collapses during the historic 2017 bull run, foreshadowing the security challenges that would continue to plague the cryptocurrency industry. The involvement of state-sponsored North Korean hackers demonstrated that cryptocurrency theft had evolved from opportunistic criminal activity into a tool of geopolitical strategy. For investors and regulators alike, the incident served as a wake-up call about the critical importance of exchange security and the emerging nexus between cryptocurrency and international cybercrime — themes that would only intensify in the years ahead.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Past events and historical price data do not guarantee future results. Always conduct your own research before making investment decisions.