A 29-year-old Lithuanian man has been extradited from South Korea, accused of a sophisticated scheme that resulted in the theft of around $1.8 million in digital assets. The National Office of Investigation (NOI) confirmed this development on Sunday, concluding a five-year investigation that spanned multiple countries.
The suspect is alleged to have utilized malware named KMSAuto, which masqueraded as a Microsoft Windows activation tool, to redirect cryptocurrency transactions. This malicious software was downloaded over 2 million times globally and specifically targeted users seeking to bypass licensing for the operating system. The hacker's operation began in April 2020 and continued until January 2023, affecting more than 3,100 cryptocurrency wallets worldwide.
Authorities reported that the hacker intercepted 840 transactions, which led to an accumulation of approximately 1.7 billion won in stolen assets. The investigation initiated in August 2020 after a victim lost one Bitcoin, valued at 12 million won, due to the malware's manipulation of wallet addresses during transactions. Following extensive digital forensics and collaboration with international agencies, the suspect was identified, leading to a raid in December where 22 items were seized from his residence in Lithuania.