South Korea’s largest cryptocurrency exchange, Upbit, suffered a theft of approximately 44.5 billion won ($30.4 million) in crypto, and authorities suspect North Korea’s Lazarus Group of orchestrating it.
Details of the Breach
- The hack targeted Solana-based assets, which were swiftly converted to USDC and bridged into Ethereum across multiple wallets, according to on-chain analysis.
- Initial reports estimated losses at 54 billion won ($36.8 million) but were later revised down.
- Investigators noted the attack resembled a 2019 Upbit hack, also linked to Lazarus, suggesting a repeat methodology.
- Government sources indicate the breach likely involved administrator account compromise or impersonation, rather than a direct server attack.
Immediate Response
- Upbit suspended deposits and withdrawals to prevent further losses.
- Authorities are preparing an on-site inspection of Upbit to assess security gaps and the tracing of stolen assets.
- Blockchain analysis shows stolen Solana assets were rapidly swapped for USDC and moved into Ethereum wallets, highlighting advanced laundering techniques.
Context: Merger with Naver Financial
- The hack occurred shortly after Naver Financial confirmed its acquisition of Dunamu, Upbit’s parent company.
- Naver Financial aims to leverage the merger to expand digital asset services and ensure growth in crypto markets, though the hack raises regulatory and security scrutiny.
Bottom Line
The incident underscores the ongoing security risks in crypto exchanges, particularly from state-backed hacking groups like Lazarus. While Upbit is working to reimburse affected users, the event highlights the critical need for robust internal controls and regulatory oversight, especially amid major corporate mergers.