@article{ART003280539},
author={Hyewon Lee and Donghyun Yeo and Minwon Seo},
title={Detection and Verification of Cryptocurrency Activities from Unstructured Data in Kimsuky and Prack Leak Analysis},
journal={Journal of The Korea Society of Computer and Information},
issn={1598-849X},
year={2025},
volume={30},
number={12},
pages={215-225}
TY - JOUR
AU - Hyewon Lee
AU - Donghyun Yeo
AU - Minwon Seo
TI - Detection and Verification of Cryptocurrency Activities from Unstructured Data in Kimsuky and Prack Leak Analysis
JO - Journal of The Korea Society of Computer and Information
PY - 2025
VL - 30
IS - 12
PB - The Korean Society Of Computer And Information
SP - 215
EP - 225
SN - 1598-849X
AB - In late 2024, large-scale data leaked from cyberattacks linked to the Chinese and North Korean hacker group Kimsuky and the Prack incident included unstructured information such as government logs, source code, and browser timelines from the Ministry of Foreign Affairs and the Defense Counterintelligence Command. This study analyzes whether the attackers conducted financial activities using cryptocurrencies.
Automatic identification of valid crypto addresses in large text datasets is challenging, as simple regex detection yields high false positives. To overcome this, we implemented a four-stage pipeline: (1) multi-coin regex detection, (2) checksum and decoding validation, (3) contextual scoring, and (4) on-chain verification.
Experiments using approximately 80 MB of leaked data and Ethereum records from Etherscan reduced false positives by 75%, doubled true detections, and achieved an average processing time under three minutes.
In particular, Ethereum address 0xb211b4...0cb6 appeared both in browser logs and on-chain deposits, confirming that the attacker viewed and analyzed blockchain assets. This research demonstrates a practical methodology for reconstructing blockchain activities from unstructured data in state-sponsored hacking cases.
KW - Cyber threat intelligence;Blockchain forensics;Cryptocurrency address detection;;Kimsuky;On-chain verification
DO -
UR -
ER -
Hyewon Lee, Donghyun Yeo and Minwon Seo. (2025). Detection and Verification of Cryptocurrency Activities from Unstructured Data in Kimsuky and Prack Leak Analysis. Journal of The Korea Society of Computer and Information, 30(12), 215-225.
Hyewon Lee, Donghyun Yeo and Minwon Seo. 2025, "Detection and Verification of Cryptocurrency Activities from Unstructured Data in Kimsuky and Prack Leak Analysis", Journal of The Korea Society of Computer and Information, vol.30, no.12 pp.215-225.
Hyewon Lee, Donghyun Yeo, Minwon Seo "Detection and Verification of Cryptocurrency Activities from Unstructured Data in Kimsuky and Prack Leak Analysis" Journal of The Korea Society of Computer and Information 30.12 pp.215-225 (2025) : 215.
Hyewon Lee, Donghyun Yeo, Minwon Seo. Detection and Verification of Cryptocurrency Activities from Unstructured Data in Kimsuky and Prack Leak Analysis. 2025; 30(12), 215-225.
Hyewon Lee, Donghyun Yeo and Minwon Seo. "Detection and Verification of Cryptocurrency Activities from Unstructured Data in Kimsuky and Prack Leak Analysis" Journal of The Korea Society of Computer and Information 30, no.12 (2025) : 215-225.
Hyewon Lee; Donghyun Yeo; Minwon Seo. Detection and Verification of Cryptocurrency Activities from Unstructured Data in Kimsuky and Prack Leak Analysis. Journal of The Korea Society of Computer and Information, 30(12), 215-225.
Hyewon Lee; Donghyun Yeo; Minwon Seo. Detection and Verification of Cryptocurrency Activities from Unstructured Data in Kimsuky and Prack Leak Analysis. Journal of The Korea Society of Computer and Information. 2025; 30(12) 215-225.
Hyewon Lee, Donghyun Yeo, Minwon Seo. Detection and Verification of Cryptocurrency Activities from Unstructured Data in Kimsuky and Prack Leak Analysis. 2025; 30(12), 215-225.
Hyewon Lee, Donghyun Yeo and Minwon Seo. "Detection and Verification of Cryptocurrency Activities from Unstructured Data in Kimsuky and Prack Leak Analysis" Journal of The Korea Society of Computer and Information 30, no.12 (2025) : 215-225.
