North Korea's hacking group Lazarus is suspected of being behind a recent breach of around 45 billion won ($30.6 million) in cryptocurrency from South Korea's largest exchange Upbit. Authorities plan an on-site investigation, while Upbit operator Dunamu will cover the full loss with its own assets. The incident resembles a 2019 hack at Upbit attributed to the same group.
Government and business sources said on Friday that North Korea's Lazarus group is suspected in the theft of 44.5 billion won worth of Solana-affiliated assets from Upbit, South Korea's largest cryptocurrency exchange. Dunamu, Upbit's operator, confirmed the transfer to an unauthorized wallet address on Thursday and pledged to cover the full amount using its own assets.
Authorities intend to conduct an on-site investigation at the exchange, believing Lazarus is responsible. A government official said, "Instead of attacking the server, it is possible that hackers compromised administrators' accounts or posed as administrators to make the transfer."
The methods mirror a 2019 incident where Lazarus was suspected of stealing 58 billion won in Ethereum from Upbit. A security official noted, "It is the tactic of Lazarus to transfer crypto to wallets at other exchanges and attempt money laundering," which complicates tracking.
The hack occurred amid Pyongyang's efforts to raise funds due to a foreign currency shortage. Experts suggest hackers timed the attack for Thursday, following Naver Corp.'s Wednesday announcement to acquire Dunamu as a wholly owned subsidiary through a share-swap deal. Another security official remarked, "Hackers have a strong tendency toward self-display."
This incident highlights ongoing North Korean cyber threats targeting cryptocurrency, prompting heightened responses from South Korean authorities.
