Hyundai Group Faces BTC Ransom Demand As Crypto Extortion Turns Violent

TL;DR:

Hyundai got an email demanding 13 BTC, threatening 11:30 AM blasts at Yeonji-dong and Yangjae-dong; police searches found no devices.
Samsung, KT, Kakao and Naver faced similar alerts; authorities reported no explosives confirmed. A Nigerian number threatened Indonesian schools for $30,000 in Bitcoin.
Korea targets stronger AML by mid-2026 after Upbit’s $30 million Lazarus-linked hack. Officials said over $3.4 billion was stolen; $2.02 billion tied to North Korea, up 51%.

Hyundai Group’s headquarters in Seoul moved into incident response after police received a report of a threatening email demanding 13 Bitcoins. The message warned that if payment was not made, an explosion would occur at 11:30 AM, naming the Yeonji-dong building in Jongno-gu and the Hyundai Motor Group tower in Yangjae-dong, Seocho-gu, plus other facilities. Police dispatched special forces and conducted searches at both sites. With no suspected devices found, operations gradually normalized as a 13 BTC bomb-ransom demand tested security protocols. The 13 BTC was valued around $1.1 million, or KRW 16.4 billion, internally.

BREAKING: Bomb threats have hit Hyundai offices in Seoul.

An anonymous sender demanded 13 BTC ($1.3M) to stop the attacks.

Police special forces searched the buildings and, thankfully, found no explosives.

This follows a wave of similar fake threats against Samsung, KT,… pic.twitter.com/xtEIwOZMd3

— Evan Luthra (@EvanLuthra) December 19, 2025

Bomb threats widen across Korea

The Hyundai alert landed amid a rising wave of chaebol-targeted threats that has pulled other major names into emergency drills. Samsung Electronics was cited in a Kakao customer service bulletin board post that claimed it would blow up the firm’s headquarters in Yeongtong-gu, Suwon, and shoot executive chairman Lee Jae-yong with a homemade gun. Another post appeared in KT’s online sign-up form, stating a homemade bomb was installed at its Bundang building in Jeongja-dong, Seongnam, prompting checks on critical infrastructure. Kakao’s Jeju and Pangyo sites and Naver also faced threats. Authorities reported no explosives confirmed.

Even when searches come up empty, the pattern is amplifying stakeholder unease, with authorities noting that anxiety among employees and local residents has been growing. Separately, crypto ransom tactics are reaching schools and communities: a Nigerian number was tracked sending bomb threats tied to a $30,000 Bitcoin demand. The message went to three foreign schools in Indonesia, one in North Jakarta and two in South Tangerang, claiming bombs were placed on site. The sender said the devices would detonate within 45 minutes if payment was not made, calling it “A message for EVERYONE.” in writing.

South Korea’s agencies plan stricter controls, including stronger AML rules by mid-2026. Pressure rose after a $30 million hack at Upbit that authorities attributed to North Korea’s Lazarus group and compared to a 2019 attack. The breach emerged during a press event for Naver Corp.’s $10.3 billion acquisition of Upbit parent Dunamu Inc. Upbit suspended deposits and withdrawals and pledged to cover losses using its assets. Officials said more than $3.4 billion was stolen from January through early December; North Korea took $2.02 billion, a 51% YoY rise and $681 million above 2024’s $1.3 billion.

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ December 19, 2025 8:24 pm