Authorities suspect the North Korean hacking unit after Upbit revises its loss estimate and onchain activity mirrors past Lazarus tactics.
Upbit Hack Sparks National Security Concerns
South Korean regulators are probing a major security incident at Upbit, the country’s largest digital asset exchange, after early findings pointed toward the Lazarus Group, a state-backed hacking unit from North Korea. Officials confirmed that the breach resulted in losses of 44.5 billion won (about $30.4 million) following abnormal withdrawals detected on Thursday.
The exchange initially estimated losses at 54 billion won, later updating the figure after completing its internal review. Upbit said it immediately halted deposits and withdrawals and began an emergency inspection to contain the threat.
Attack Mirrors Lazarus Group’s Previous Techniques
Authorities noted that the breach carried clear similarities to Upbit’s 2019 incident, when hackers stole 342,000 ETH, an attack that South Korean police later attributed to Lazarus. Investigators now believe that the attackers likely compromised administrator credentials or impersonated privileged accounts, enabling unauthorized fund movements without infiltrating Upbit’s core infrastructure.
Officials said these tactics reflect the group’s known operational style, strengthening suspicions that Lazarus is responsible.
Onchain Movements Suggest Attempt to Obscure Stolen Funds
Blockchain tracking firms observed that a wallet tied to the latest breach has already begun swapping Solana-based assets into USDC and bridging funds to Ethereum, a common laundering pattern used to obscure the origin of stolen crypto. Analysts warn that rapid cross-chain transfers often signal coordinated attempts to move funds beyond law enforcement reach.
The breach occurred shortly after Naver Financial confirmed its acquisition of Dunamu, the operator behind Upbit. The company said Dunamu will become a wholly owned subsidiary to strengthen its long-term digital asset strategy — an announcement now overshadowed by growing cybersecurity concerns.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.