Lazarus Group Suspected in $30M Upbit Hack, Solana Assets Compromised

3 hours ago

North Korea's notorious cybercrime unit, Lazarus Group, is suspected of orchestrating a major cryptocurrency breach that drained approximately $30.6 million from South Korea's largest exchange, Upbit. The attack targeted Solana-linked assets, with Upbit's operator, Dunamu, confirming that assets worth 44.5 billion won were transferred to an unauthorized wallet on Thursday.

Dunamu has pledged to fully reimburse users from its own reserves and moved quickly to halt withdrawals and deposits as internal checks were launched. Investigators noted that the techniques used in the breach closely resembled the 2019 incident in which attackers stole 58 billion won in Ethereum from the same platform. Officials believe the hackers may have bypassed core infrastructure by impersonating administrators or compromising internal accounts to authorize the withdrawal.

The stolen funds were rapidly laundered through multiple wallets, a tactic Lazarus has used in past operations to obscure transaction trails. Security officials stated that the funds were swiftly moved through wallets associated with other platforms, indicating an attempt to frustrate tracing of the funds.

South Korean authorities are preparing an on-site inspection at the exchange, following signs that the attack may be tied to the same actors behind previous intrusions attributed to Lazarus. The incident has prompted discussions on sanctions against North Korea, with officials emphasizing coordination with the US to counter cyber threats linked to funding nuclear and missile programs.

Additionally, the breach occurred shortly after Naver announced plans to acquire Dunamu via a share-swap deal, adding to the event's significance. Naver Financial is also preparing to roll out a stablecoin wallet in Busan, though this is separate from the hack investigation.