LS Securities is under investigation by the Seoul Metropolitan Police Cyber Investigation Unit after a foreign investor suffered billions of won in losses through unauthorized stock trades and cash withdrawals executed via fake hacked emails early this year. An LS Securities employee processed multiple orders following instructions from the compromised email account, exploiting vulnerabilities in the foreign investor standing proxy system that handles investment registration, account opening, and order processing for overseas residents trading Korean stocks. The Financial Supervisory Service is examining whether internal control procedures were adequate, while LS Securities reported the incident immediately and requested police investigation, stating the company's own computer systems were not breached.
Employee Processed Multiple Orders via Fake Email Instructions
According to the financial investment industry on the 8th, the Seoul Metropolitan Police Cyber Investigation Unit is investigating a case where an LS Securities employee received fake hacked emails early this year and processed stock-related orders for foreign investor A, resulting in the unauthorized withdrawal of billions of won. The incident is understood to exploit vulnerabilities in the foreign investor standing proxy system, which handles necessary procedures including investment registration, account opening, and order execution for foreign nationals residing overseas who trade Korean stocks.
The employee reportedly processed various orders multiple times over a certain period following instructions from the fake emails, including stock purchases, sales, and cash withdrawals.
LS Securities Reports Email Account Compromise, Not System Breach
LS Securities maintains that the incident did not result from security flaws in the company's own computer systems. An LS Securities official stated, "As a result of investigations conducted through the Financial Security Institute and others, there were no traces of the company's computer system being hacked or subjected to external attacks." The official explained, "It is presumed to be an incident that occurred due to the foreign investor's email account being compromised."
The official emphasized, "The company is not under investigation for committing illegal acts, but rather immediately reported the financial incident to the Financial Supervisory Service upon recognition and directly requested police investigation to apprehend the perpetrator."
FSS Examines Internal Control Procedures
The Financial Supervisory Service is reportedly monitoring the possibility that internal control procedures were inadequate, such as failing to directly confirm with the investor themselves while orders and withdrawals following fake emails were repeated multiple times, even if the securities firm's systems were not directly hacked.
FAQ
What happened at LS Securities early this year?
An LS Securities employee processed unauthorized stock trades and cash withdrawals for foreign investor A following instructions from fake hacked emails, resulting in billions of won in losses. The incident exploited vulnerabilities in the foreign investor standing proxy system.
Was LS Securities' computer system hacked?
No. LS Securities stated that investigations through the Financial Security Institute found no traces of the company's computer system being hacked or subjected to external attacks. The incident is presumed to have occurred due to the foreign investor's email account being compromised.
What action did LS Securities take after discovering the incident?
LS Securities immediately reported the financial incident to the Financial Supervisory Service and directly requested police investigation to apprehend the perpetrator.