Hacker who targeted BTS's Jungkook extradited: Inside the £19m cyber-scam

A 40-year-old Chinese national, believed to be a mastermind behind a massive hacking syndicate, has been extradited from Thailand to South Korea. The group is accused of stealing millions and attempting to seize shares from K-pop superstar Jungkook.

The multi-million-pound operation

A second suspected leader of a sophisticated hacking ring accused of stealing over 38 billion won (£18.8m) has been extradited to South Korea. The 40-year-old Chinese national arrived in Seoul from Bangkok on May 13 to face questioning over his alleged role in the international cybercrime organisation. He is the second alleged ringleader to be brought to justice; a 36-year-old Chinese national was previously extradited in August 2025 and is currently on trial.

The syndicate allegedly targeted a list of high-profile victims, including celebrities, the chairman of a major conglomerate, and the head of a venture company, according to AFP news agency. So far, police have arrested 18 individuals connected to the criminal group.

How the K-pop star was targeted

The scam ring allegedly set its sights on BTS vocalist Jungkook in January 2024, while the superstar was completing his mandatory military service.

Hackers reportedly gained access to a securities account in his name and attempted to transfer 33,500 shares of HYBE stock, the group's management company, valued at approximately 8.4 billion won.

However, the transaction was ultimately blocked. According to South Korean media reports, Jungkook's agency, Big Hit Music, and financial institutions detected the unauthorised activity and froze the account before any financial loss occurred. The agency has since confirmed it has strengthened security measures to protect its artists' personal information.

A sophisticated scheme

The hacking took place between August 2023 and April 2025, reports say. The group’s method involved illegally accessing the websites of budget mobile phone carriers to obtain the personal information of their targets.

They specifically chose victims who would have difficulty responding quickly to financial alerts, such as those in military service or in prison. Using the stolen data, the syndicate would then withdraw large sums from their victims' accounts.

The unnamed suspect will now face questioning by the Seoul Metropolitan Police Agency.

Authorities have said they plan to seek an arrest warrant after analysing the available evidence.