Authorities capture the kingpin behind the $25M celebrity hacking ring that targeted BTS' Jungkook.
South Korean Celebrity Hacking Kingpin Finally Caught in Thailand
South Korea’s cybercrime probe exposed how SIM cloning and stolen state data are being utilized for massive financial theft from celebrities like BTS Jungkook.
Highlights
- A transnational hacking ring stole nearly $25.5 million USD from crypto and stock accounts using cloned identities.
- BTS Jungkook was one of 258 elite targets, with hackers almost liquidating $5.6M worth of HYBE shares from his account.
- South Korean authorities arrested the final ringleader in Thailand, marking the end of a global manhunt tied to the 18-member cybercrime network.
A hand-off at Incheon International Airport on Wednesday (May 13, 2026) morning marked the end of a high-stakes digital manhunt. As the second suspected ringleader of a top international hacking empire was taken into police custody, the South Korean Ministry of Justice wrapped up an operation that successfully converted the personal identities of the country’s elite into liquid capital.
A Scheme to Steal Nearly $26M in Crypto and Stocks
As per Korea JoongAng Daily, the ring, headed by two individuals attending the same university, orchestrated the acts from their bases in China and Thailand during the period of July 2023 and April 2024. The hacking ring reportedly siphoned a staggering ₩38 billion (~ $25.5 million USD) from stock and cryptocurrency accounts. Additionally, another attempt to steal ₩25B (~ $16.8M) from 10 people was thwarted only by financial intervention in the eleventh hour.
BTS Jungkook and Other Celebrities Targeted
The hacking group meticulously breached six government and public agency websites to gain resident registration numbers and authentication credentials of 258 high-profile targets. If reports are to be believed, the hackers did not just look for wealth but also searched for celebrities, athletes, and business moguls – people who would be least likely to notice the breach. The hackers were also particularly looking for known figures who are currently serving in the military or incarcerated, to take advantage of their absence.
BTS Jungkook (Photo by Debra L Rothenberg/WireImage)
Interestingly, BTS member Jungkook was one of the most notable targets. The ring reportedly managed to access his personal data and nearly liquidated ₩8.4B (~ $5.6M) worth of HYBE shares from his account. However, the agency intervened and halted the fraudulent transactions.
SIM Cloning Bypasses Two-Factor Security
The hacker ring made use of a loophole in South Korea’s budget mobile carrier system and exploited the mechanism of remote SIM card activation. This helped them bypass in-person verification and enabled them to register phones in the names of 89 victims. These “cloned” identities allowed them to even cross the two-factor authentication required to drain accounts.
Thailand Arrest Ends Global Manhunt
Although the first ringleader, identified as Jeon, was extradited last August and is now facing 11 charges, his peer remained at large in Thailand. Since he was not caught in the act directly, the Justice Ministry used an emergency provisional detention request to catch him until the official extradition was finalized this week.
With both leaders and the other 16 members now under governmental custody, the Ministry of Justice has confirmed the end to this specific transnational fraud. However, the breach highlights how the nation’s most recognizable faces can also be targeted via government backdoors. The case remains a remarkable case study in the grounds of modern financial warfare.
Author
Diya Mukherjee is a Content Writer at Outlook Respawn with a postgraduate background in media. She has a passion for writing content and is enthusiastic about exploring cultures, literature, global affairs, and pop culture.
Related Articles
