60
Hyundai Group evacuated hundreds of employees from two major Seoul headquarters on Friday after receiving a bomb threat via email demanding 13 Bitcoin (BTC) in ransom. As per a local report, the anonymous email prompted an emergency response by special forces and explosive experts at the headquarters of the conglomerates in Central Seoul.
Although no explosive has been found after thorough searches, it has raised concerns regarding a string of extortion emails aimed at large South Korean conglomerates and tech companies. The security threat began with the delivery of threatening emails to the office complexes of the two Hyundai entities. According to the police report, the sender demanded that the two organizations pay 13 BTC or face detonation of explosives.
After receiving the incident report, the Metropolitan Police in Seoul sent expert security personnel and sniffing dogs to sweep through the area floor by floor. After an investigation lasting several hours, the security team determined that there were no hazardous materials in the vicinity, rendering the threat false. This is not the first such incident but the latest in a series of intimidation attempts using technology aimed at South Korea’s largest industries. Other prominent organizations, such as Samsung, KT, Kakao, and Naver, have faced similar threats in the recent past.
The mode for the threatening emails for the previous cases has included the following: the threat is carried out by an anonymous email with a demand for Bitcoin, followed by a threatening message about violence about to break out anytime soon.The authorities have, however, found no evidence of any physical explosives in the previous cases, suggesting the culprits are the same people taking advantage of corporate security systems for their gain.
The fact that the threats are repetitive may have considerable implications for the operations of the corporations as well as the security of the nation of South Korea. Although the threats have turned out to be false, considerable public resources are being deployed in the response to the threats, as well as disruption being caused to the daily operations of multinational corporations.
Police authorities are currently tracking the cyber trail left by the origin of the emails, which use international servers to hide the identity of the senders. There is mounting public pressure on the government to improve international cooperation in cybercrime cases that involve tracing the culprits behind the ransom demands.
The surge in suspicious crypto transactions, surpassing 36,000 reports by August 2025, and the discovery of “hwanchigi” money-laundering schemes show how scammers are increasingly leveraging the anonymity of digital assets for illicit activities and ransom demands. Following high-profile security failures like the Upbit breach, South Korean authorities are now moving to treat crypto exchanges with the same severity as traditional banks, enforcing strict no-fault compensation rules and hefty fines of up to 3% of revenue.
It enforces “no-fault” compensation rules that hold exchanges liable for system failures or hacks regardless of negligence. This regulatory overhaul includes potential fines of up to 3% of annual revenue for security lapses. The threatening emails sent to Hyundai Group and Hyundai Motor Group have brought out the rising phenomenon of ‘cyber-terrorism’ affecting large South Korean companies.
Although there has been no physical threat perceived after the police search, the fact that the attacks keep recurring can pose a serious problem for the private sector as well as the authorities. Police investigations are on to trace the root of the mails as they try to identify whether the hacker has been behind the attacks on the likes of Samsung, KT, and the technology giants.
