
South Korean Investigators Eye Lazarus Group in $36M Upbit Hack

South Korean Investigators Eye Lazarus Group in $36M Upbit Hack. Source: Photo by Matias Mango

South Korean authorities are intensifying their investigation into a multi-million-dollar security breach at Upbit, the country’s largest cryptocurrency exchange, with growing suspicion that the North Korea-linked Lazarus Group may be behind the attack. The probe follows a Yonhap report indicating that the tactics used in the latest incident resemble those seen in previous Lazarus-related crypto heists.

Upbit temporarily halted all deposits and withdrawals on Thursday after detecting abnormal activity involving Solana-based tokens. The exchange later confirmed that approximately 54 billion Korean won — around $36 to $37 million — had been drained from a hot wallet in an unauthorized withdrawal. This marks the second major hot wallet breach Upbit has suffered in six years, raising renewed concerns about the platform’s security posture and the continued targeting of Korean exchanges by sophisticated threat actors.

Investigators suspect the hackers may have gained access by hijacking or impersonating administrator credentials, a method consistent with the Lazarus Group’s 2019 attack on the exchange. Cybersecurity analysts noted that North Korea, facing severe foreign currency shortages, continues to rely on state-sponsored hacking units to steal digital assets. Several experts also pointed out that the laundering behavior observed in the aftermath of the breach — including the use of crypto-mixing techniques — aligns with patterns long associated with Lazarus.

Fueling further speculation is the timing of the attack. The hack occurred on Nov. 27, the same day Upbit’s parent company, Dunamu, and tech giant Naver announced a major corporate merger. Some experts believe the hackers may have deliberately chosen the date to make a statement. One cybersecurity specialist told Yonhap that threat actors “tend to have a strong desire to show off,” suggesting the timing may have been symbolic.

As authorities continue to trace the stolen funds and assess the full impact, this latest breach highlights the ongoing vulnerabilities within the digital asset ecosystem and the persistent threat posed by state-linked cybercrime groups targeting global cryptocurrency platforms.

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>
