South Korean authorities now suspect North Korea’s Lazarus Group was behind the Upbit breach on Thursday, according to a Yonhap report released Friday, with investigators preparing an on-site probe at the exchange.
The development follows Upbit’s disclosure on Thursday that irregular withdrawals on the Solana network drained roughly $36 million across multiple tokens, prompting Dunamu, its parent company, to freeze affected wallets, move remaining funds offline, and commit to fully reimbursing customers.
“The abnormal withdrawals occurred from hot wallets. The cold wallets were not subjected to any breach or theft,” a spokesperson from Dunamu told Decrypt following the incident, confirming that all assets were transferred to cold wallets “to prevent any additional withdrawal” and that the exchange was “taking on-chain measures to freeze transactions.”
The company has also “reported the occurrence of the abnormal withdrawals to the relevant authorities,” in accordance with local laws, and is “currently investigating the cause and scale of the outflows,” the spokesperson added.
Decrypt has separately asked Dunamu whether it can confirm, or believes, that the suspected group is behind the attack.
A representative from PeckShield, the blockchain security firm that first shared Dunamu’s disclosure of the anomalous withdrawals on Thursday, told Decrypt that it had no comment “regarding the actor behind it,” nor any “concrete evidence regarding the investigation yet.”
CertiK, another blockchain security firm, maintains an analytics dashboard on Upbit through its Skynet program.
The firm “followed the fund flow of over 100 exploiter addresses on Solana,” and observed that “the speed and scale of withdrawals are reminiscent of previous Lazarus-related attacks,” although it does not have “definitive evidence on the chain yet,” a representative from CertiK told Decrypt, adding that it will continue to monitor the fund movement “to see if they trace to Lazarus-related laundering network.”
The Lazarus Group is a North Korean state-linked hacking outfit long tied to high-impact crypto thefts. The group has been linked to major exploits targeting exchanges, decentralized finance protocols, and infrastructure providers.
In February, blockchain data platform Arkham Intelligence attributed the Bybit hack to Lazarus. That hack, which resulted in over $1.4 billion in losses, ranks as the largest single crypto theft on record.
Over the years, Lazarus has repeatedly employed a variety of tactics, moving from exchange intrusions to supply chain attacks and even the compromise of developer environments.
The group is also known for deploying custom crypto-stealing malware families, social engineering lures, and large-scale laundering infrastructure that routes stolen funds through mixers and cross-chain bridges.