South Korea has successfully extradited a 29-year-old Lithuanian national accused of stealing approximately $1.8 million in digital assets through sophisticated malware. The National Office of Investigation (NOI) announced the extradition on Sunday after a five-year investigation spanning multiple countries. Authorities said the hacker distributed malware called KMSAuto, which masqueraded as a Microsoft Windows activation tool.
The software was downloaded more than two million times globally. Upon installation, it used memory-hacking techniques to swap wallet addresses in real time, diverting funds to the attacker. The scheme specifically targeted individuals using unlicensed Windows activation tools. More than 3,100 cryptocurrency wallets worldwide were affected by the infection.
The hacker intercepted 840 transactions, accumulating 1.7 billion won in stolen digital assets. Eight Korean nationals lost a combined 16 million won. The investigation began in August 2020 when a victim reported losing one Bitcoin, valued at 12 million won at the time.
The victim had sent the cryptocurrency to a known wallet address, only to discover it had been redirected elsewhere. Korean authorities traced the stolen assets through domestic exchanges to six countries. As the probe expanded, seven additional Korean victims came forward with similar losses.
Police identified the suspect through extensive digital forensics and international collaboration. In December of the preceding year, Korean authorities coordinated with Lithuania’s Ministry of Justice, prosecutors, and police to raid the suspect’s residence. Lithuanian officials seized 22 items during the operation, including multiple mobile phones, laptops, and other electronic devices. Korean police requested a red notice from Interpol to facilitate the suspect’s eventual prosecution.
Leave a Reply