Oh Kyu-sik, head of the Seoul Metropolitan Police Agency’s second cybercrime investigation unit, briefs the press on Aug. 28 at the agency’s headquarters in central Seoul on the arrest of the ringleader of an international hacking ring behind the illegal registration of budget phones. [YONHAP]
A hacking ring that used the personal information of BTS member Jungkook and dozens of wealthy individuals, including corporate tycoons, to steal assets totaling 39 billion won ($28.1 million) has been busted by the police.
The Seoul Metropolitan Police Agency’s cyber investigation unit said Thursday that it had arrested 16 members of an international hacking organization, including two ringleaders. The group hacked into government, public and private websites to steal financial data from high-net-worth individuals and used illegally registered burner phones to siphon off funds.
The group, led by a 35-year-old mastermind and a 40-something accomplice, operated between July 2023 and April 2025, targeting six websites run by vulnerable government agencies, public institutions, IT platforms and financial firms, according to the police.
They stole the personal and financial information — including resident registration numbers — of 258 victims, including businesspeople, legal professionals, celebrities and athletes. They then identified wealthy individuals and narrowed the list to those deemed less likely to respond immediately, such as people in prison or military service.
The victims included 75 businesspeople, 11 legal professionals and civil servants, 12 celebrities, six athletes and 28 crypto investors. Their combined account balances reportedly exceeded 55.2 trillion won. Among them were 22 executives from Korea’s top 100 conglomerates.
The cyber unit said the hackers’ ultimate goal was to gain access to a single account holding 12 trillion won.
![A Chinese national, suspected of leading a hacking ring that stole assets from BTS member Jungkook and other wealthy individuals in Korea, appears at a warrant hearing at the Seoul Central District Court in southern Seoul on Aug. 24. [YONHAP]](https://i0.wp.com/nationalcybersecurity.com/wp-content/uploads/2025/08/c6035ee8-b87b-45cc-bc77-f457a0585217.jpg?w=1150)
A Chinese national, suspected of leading a hacking ring that stole assets from BTS member Jungkook and other wealthy individuals in Korea, appears at a warrant hearing at the Seoul Central District Court in southern Seoul on Aug. 24. [YONHAP]
By exploiting a loophole in the non-face-to-face registration process for budget telecom services, the hackers used the identities of 89 victims to register 118 mobile SIM cards. These were then used to bypass identity verification processes.
The hackers successfully stole 39 billion won from the bank and crypto accounts of 16 individuals and attempted to steal another 25 billion won from 10 others, but were blocked by financial institutions. The largest single loss involved 21.3 billion won in cryptocurrency.
In the case of Jungkook, the hackers tried to steal 8.4 billion won worth of HYBE shares under his name, but financial institutions flagged the suspicious transaction and the agency froze the transfer, preventing an actual loss. Of the total stolen, 12.8 billion won has been returned to victims thanks to police intervention.
The Seoul cyber unit took over the case from the Namdaemun Police Precinct in September 2023 after similar frauds were reported nationwide. The police arrested 16 members, including four middlemen, between November 2023 and April this year.
![Cover art for Jungkook's single, ″Seven″ (2023) [BIGHIT MUSIC]](https://i0.wp.com/nationalcybersecurity.com/wp-content/uploads/2025/08/f9330f8e-ed6e-4369-9c37-0a545e7d4127.jpg?w=1150)
Cover art for Jungkook’s single, ″Seven″ (2023) [BIGHIT MUSIC]
The two ringleaders were placed on Interpol’s red notice list and captured in a joint operation with Thai police in Bangkok this May. One of them, a Chinese national, was extradited to Korea on Aug. 22. The other remains in custody in Thailand.
“The ringleader was caught red-handed during the operation and we seized the digital devices used in the crimes,” said police.
The main suspect was indicted on Sunday on 11 charges, including violations of the Act on Promotion of Information and Communications Network Utilization and the Act on the Aggravated Punishment of Specific Economic Crimes, and will be handed over to the prosecution on Friday. His accomplice is also slated for extradition.
“This case was unprecedented in that the suspects circumvented non-face-to-face authentication systems,” said Oh Kyu-sik, head of the Seoul cyber investigation unit. “Given the size of the accounts they accessed, the damage could have been far greater. We will continue working with related agencies to minimize additional harm and protect the public’s assets and personal information.”
This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY KIM CHANG-YONG [[email protected]]
Click Here For The Original Source.
