South Korea has successfully extradited a 29-year-old Lithuanian national accused of stealing approximately $1.8 million in digital assets through sophisticated malware. The National Office of Investigation (NOI) announced the extradition on Sunday, following a five-year investigation that spanned multiple countries. The suspect allegedly used malicious software to redirect cryptocurrency transactions from intended recipients to his own wallets. His operation targeted users across South Korea and several other nations between April 2020 and January 2023. Malware Disguised as Legitimate Software Authorities revealed the hacker distributed malware called KMSAuto, which masqueraded as a Microsoft Windows activation tool. The software attracted users seeking to bypass licensing requirements for the Windows operating system. Investigators determined the malware was downloaded over 2 million times globally. Once installed, it employed memory-hacking techniques to swap cryptocurrency wallet addresses during transactions automatically. The manipulation occurred in real-time, redirecting digital assets to the hacker's control without the victims' knowledge. The scheme specifically targeted individuals using unlicensed Windows activation tools. More than 3,100 cryptocurrency wallets worldwide fell victim to the infection. The hacker successfully intercepted 840 transactions, accumulating 1.7 billion won in stolen digital assets. Eight South Korean nationals lost a combined 16 million won to the operation. The investigation began in August 2020 when a victim reported losing one Bitcoin, valued at 12 million won at the time. The victim had sent the cryptocurrency to a known wallet address, only to discover it had been redirected elsewhere. International Cooperation Leads to Arrest Korean authorities traced the stolen assets through domestic exchanges to six different countries. The investigation expanded as seven additional Korean victims came forward with similar complaints. Police identified the suspect through extensive digital forensics and international collaboration. In December of the previous year, Korean authorities coordinated with Lithuania's Ministry of Justice, prosecutors, and police to execute a raid on the suspect's residence. Lithuanian officials seized 22 items during the operation, including multiple mobile phones, laptops, and other electronic devices. Korean police requested a red notice from Interpol to facilitate the suspect's eventual prosecution.
