South Korean authorities have pointed to North Korea's Lazarus hacking group as the likely culprit behind a $30 million cryptocurrency theft from the nation's largest exchange, Upbit. The attack, which occurred on Wednesday evening, involved hackers impersonating administrators to siphon funds. Upbit has suspended operations and pledged to cover all losses.
The cyberattack targeted Upbit, South Korea's premier cryptocurrency platform, on Wednesday evening, resulting in the theft of approximately $30 million in digital assets. According to South Korean government officials, as reported by Yonhap News Agency on Friday, the intrusion bears the hallmarks of operations by North Korea's state-backed Lazarus group. Investigators noted that the hackers impersonated Upbit administrators to execute the transfer, employing tactics similar to those used in money laundering.
Upbit described the incident as an 'abnormal withdrawal' in a public statement and immediately launched an investigation. Oh Kyung-seok, CEO of Upbit's parent company Dunamu, announced the suspension of deposits and withdrawals to mitigate further risks. 'After detecting the abnormal withdrawal, Upbit immediately conducted an emergency security review of the relevant network and wallet systems,' Kyung-seok said. 'To prevent further abnormal transfers, all assets have been transferred to a secure cold wallet.' The company has committed to reimbursing all affected users and has already traced some stolen funds to another wallet on Thursday, working to freeze those assets.
This breach follows closely on the heels of Naver, a major South Korean internet firm, acquiring Dunamu for $10 billion just one day prior. The tactics echo a 2019 hack on Upbit, where $40 million was stolen and also attributed to Lazarus, a group embedded in North Korea's Reconnaissance General Bureau. Over the past nine years, Lazarus has pilfered billions in cryptocurrency. Blockchain firm Chainalysis reported that North Korea-linked hackers stole $1.3 billion across 47 incidents in 2024 alone. Additionally, the group faces accusations of a $1.5 billion theft from Dubai-based Bybit in February. The United Nations has documented dozens of such attacks over five years, totaling $3 billion for North Korea.