Cylynx traces the November 2019 Upbit theft in which 342,000 ETH was moved from the South Korean exchange’s hot wallet to an attacker-controlled wallet later referenced in a U.S. Justice Department case involving Chinese money launderers and North Korean co-conspirators. The analysis follows the initial transaction at block 9007863 and shows the stolen ETH being split through large numbers of intermediary wallets, with Etherscan tagging hundreds of accounts and transactions associated with the Upbit hack. Cylynx reports sustained laundering activity across roughly 50,000 Ethereum wallets and 100,000 transactions, including flows toward centralized exchanges such as Binance, Huobi, Okex, and Bitmax. The source estimates that 190,000–240,000 ETH had reached exchange addresses before May 2020 and that another 65,000–75,000 ETH moved toward exchange entities during a later resurgence.