South Korean authorities suspect North Korea’s Lazarus group is behind the recent Upbit hack, which saw 44.5 billion won (~$30 million) stolen from the exchange’s hot wallet. The attack coincided with Dunamu’s announcement of a $10.3 billion merger with Naver, amplifying concerns over security and regulatory scrutiny.

Sophisticated Cross-Chain Theft

On-chain data revealed the stolen assets included Solana-based tokens, rapidly converted into Ethereum across 185 wallets within hours. Analysts noted the advanced money-laundering tactics, including cross-chain swaps and bridging via Allbridge, which left observable blockchain traces.

The attacker reportedly accumulated over $1.6 million in ETH after draining the hot wallet. Authorities are investigating whether the breach mirrors 2019-style hot-wallet attacks previously attributed to Lazarus.

Regulatory Pressure Intensifies

The hack compounds Dunamu’s ongoing legal troubles. Earlier in November, the Financial Intelligence Unit (FIU) fined the firm 35.2 billion KRW (~$26.5 million) for multiple compliance failures:

• Failing required customer due diligence 5.3 million times
• Not blocking 3.3 million unauthorized transactions
• Fifteen unreported suspicious activities

The regulator also imposed a three-month partial business suspension and reprimanded nine executives. Dunamu has appealed, and the trial is scheduled next week.

Meanwhile, VASP license renewals in South Korea remain frozen, affecting the entire crypto sector. All major Korean exchanges, including Upbit, operate on extended licenses pending resolution.

Merger with Naver Faces New Hurdles

The merger, announced on November 27, aims to:

1. Develop next-generation financial infrastructure
2. Launch a KRW-backed stablecoin for local and global payments
3. Expand globally by combining Dunamu’s blockchain expertise with Naver’s platform reach

The $10.3 billion all-stock deal will issue 87.56 million new Naver shares. Plans also include leveraging AI and Web3 technologies and potentially seeking a Nasdaq listing if shareholder value is proven.

However, the hack introduces complications: regulators may scrutinize Upbit’s security measures, potentially delaying merger approval. A confirmed Lazarus involvement could offer partial regulatory relief, as occurred after a 2017 breach, but internal control failures could trigger additional penalties, affecting the deal.

Company Response

Dunamu has:

• Temporarily halted deposits and withdrawals
• Launched internal security checks
• Committed to working with law enforcement and analytics firms
• Pledged to fully reimburse affected customers

The outcome of VASP license renewal and criminal investigations will likely determine whether the merger proceeds as planned or faces restructuring.

Summary:
The Upbit hack represents a major test for Dunamu, coming at a critical juncture during its $10.3B merger with Naver. North Korea-linked Lazarus involvement, cross-chain theft, and prior regulatory penalties combine to heighten uncertainty. The resolution of the hack and compliance issues will be decisive for both the merger’s success and the broader South Korean crypto industry.