South Korean authorities suspect North Korea's notorious Lazarus Group orchestrated a $30 million cryptocurrency theft from Upbit, the nation's largest digital asset exchange, using methods strikingly similar to a 2019 attack.
South Korean authorities are investigating North Korea's Lazarus Group as the prime suspect behind a $30.4 million cryptocurrency breach at Upbit, the country's largest digital asset exchange.
The Thursday attack saw hackers drain 44.5 billion won worth of Solana-based assets to an unauthorized wallet, prompting immediate action from regulators and cybersecurity experts.
Government and industry sources told Yonhap News Agency that officials plan an on-site inspection at the exchange. The attack methods bear striking similarities to a 2019 incident where Lazarus allegedly stole 342,000 ETH valued at $58 million from the same platform.
South Korean police confirmed last year that the notorious hacking collective orchestrated that earlier breach.
Attack Methods Mirror Previous Heist
Rather than directly targeting servers, hackers likely compromised administrator accounts or impersonated authorized personnel to execute the unauthorized transfers.
A government official explained that this sophisticated social engineering approach makes detection significantly more challenging than traditional server attacks.
"Instead of attacking the server, it is possible that hackers compromised administrators' accounts or posed as administrators to make the transfer," the official stated.
According to Dethective on X, the threat actors have already begun laundering the stolen funds. The blockchain analysis provider reported that the hacker's wallet swapped Solana tokens for USDC and started bridging approximately $1.6 million in assets to Ethereum.
This rapid movement of funds follows Lazarus's established pattern of quickly dispersing stolen cryptocurrency across multiple blockchain networks to obscure tracking efforts.
Security officials note that converting stolen assets and transferring them to various exchanges makes transaction tracking virtually impossible.
"It is the tactic of Lazarus to transfer crypto to wallets at other exchanges and attempt money laundering," a security official explained.
Timing Raises Additional Questions
The breach occurred one day after Naver Corp., South Korea's dominant search engine operator, announced plans to acquire Dunamu—Upbit's parent company—as a wholly owned subsidiary through a share-swap deal.
Some security experts suggest hackers may have deliberately chosen this timing to maximize attention and demonstrate their capabilities.
"Hackers have a strong tendency toward self-display," another security official noted, implying the group might have staged the attack to overshadow positive corporate news.
Upbit initially reported losses of 54 billion won ($36.8 million) before revising the figure downward to 44.5 billion won ($30.4 million) following a comprehensive audit.
The exchange immediately suspended all deposit and withdrawal services upon detecting the abnormal transactions and launched an internal investigation.
Dunamu announced it would cover the full amount using company-owned assets, ensuring customers face no losses.
The exchange detected the unauthorized withdrawals in certain Solana-affiliated assets and implemented emergency protocols to prevent further damage.
Experts point to North Korea's desperate need for foreign currency as a potential motive. The regime faces severe economic sanctions and relies increasingly on cybercrime to generate revenue.
Lazarus Group has established itself as one of the world's most sophisticated state-sponsored hacking operations, targeting financial institutions and cryptocurrency platforms globally.
The investigation continues as authorities work to trace the stolen funds and prevent future attacks.
South Korean regulators face mounting pressure to strengthen cybersecurity measures across cryptocurrency exchanges, particularly given the country's status as a major digital asset trading hub.
The Upbit breach represents the latest in a series of high-profile cryptocurrency thefts attributed to North Korean hackers, underscoring the ongoing security challenges facing the digital asset industry.
Crypto New Live
