South Korea’s largest crypto exchange, Upbit, lost 44.5 billion won in assets following a major cyberattack. Local law enforcement and agencies are treating the involvement of North Korean hacking collective Lazarus as the primary theory. The breach struck exactly as the operator announced a strategic merger with the fintech arm of a major tech giant.
Return of Old Methods
Attackers breached the platform’s hot wallets connected to the internet. Investigators highlight that the vector is nearly identical to the 2019 scenario. Six years ago, the exchange lost 58 billion won in Ethereum due to a similar storage vulnerability.
Officials rule out a direct server hack. The leading theory points to a compromised admin account or a sophisticated impersonation to authorize transactions. Since the MO replicates the incident from six years ago, suspicion immediately fell on the same unit within North Korea’s Reconnaissance General Bureau.
Traces Lead North
On-chain analysis confirms the Pyongyang connection. Stolen funds underwent immediate hopping — rapid transfers across different wallets — before hitting mixers to obfuscate the trail.
Nations compliant with FATF standards technically block mixing services, making such operations impossible within the regulated ecosystem. Using money laundering tools remains a signature move of North Korean cybercriminals to bypass international sanctions.
A Demonstrative Attack
Experts argue the timing was no accident. The hack hit on November 27, the day the exchange operator Dunamu and Naver Financial held a joint press conference to announce integration plans. Cybersecurity analysts see a psychological motive. Hackers are often driven by ego, and striking during a major corporate event serves to expose system fragility right at a peak moment for the company.
Inspectors from the Financial Supervisory Service and KISA are currently auditing the company offices. The review aligns with regulations adopted last year that classify exchange transaction data as credit information requiring top-tier protection.
