North Korean Hackers Exposed in $41.5M Ethereum Heist, Sparks Upbit Compliance Scrutiny
November 21, 2024
The investigation utilized digital forensics, including tracking IP addresses and analyzing cryptocurrency flows, in collaboration with the U.S. Federal Bureau of Investigation (FBI), which provided evidence linking the attack to North Korea.
The FBI has linked North Korea-backed hackers to other significant cryptocurrency hacks, including the $100 million Harmony Horizon bridge hack and the $600 million Ronin Bridge hack.
Concerns over Upbit's compliance were raised due to KYC violations detected during a review of its business license renewal, including the acceptance of blurred identification cards.
Concerns have also been raised by South Korea’s Financial Services Commission regarding Upbit’s market dominance, as it accounts for nearly 20% of the deposits in K Bank, highlighting potential financial system risks.
Linguistic traces of North Korean vocabulary, specifically the term 'Heulhan Il', were found on the attack computer, further establishing a connection to North Korea.
North Korea's involvement in cryptocurrency crimes is ongoing, with tactics including phishing campaigns and supply chain attacks targeting crypto firms.
The confirmation of North Korea's role in the Upbit hack highlights vulnerabilities in the cryptocurrency industry, particularly threats from state-sponsored hackers and internal regulatory compliance issues.
This incident has led to increased regulatory scrutiny of Upbit, with over 600,000 potential Know Your Customer (KYC) violations uncovered by South Korea's Financial Intelligence Unit.
The hackers laundered more than half of the stolen assets through three crypto exchanges they created, selling at a discount to Bitcoin, while the remainder was laundered through 51 different exchanges.
Although the specific exchange from which the Ethereum was stolen was not named, Upbit reported detecting the transfer of the stolen funds to an unidentified wallet.
The investigation methods included tracking cryptocurrency flows and analyzing IP addresses, with details of the hacking techniques withheld to prevent copycat attacks.
On November 21, 2024, South Korean police confirmed that hackers linked to North Korea's military intelligence agency were responsible for a 2019 Ethereum cryptocurrency heist valued at 58 billion won, or approximately $41.5 million.
Summary based on 8 sources
Sources
Cointelegraph • Nov 21, 2024
South Korea confirms North Korea behind $50M Upbit hack
Moneycontrol • Nov 21, 2024
North Korea hackers behind 2019 $42 million Ethereum heist, South Korea police say
The Star • Nov 21, 2024
North Korea hackers behind 2019 $42 million Ethereum heist, South Korea police say
The Block • Nov 21, 2024
North Korea to blame for 342,000 ETH Upbit hack in 2019, South Korean police say