North Korean Lazarus Group Suspected in Major Upbit Security Incident
The post North Korean Lazarus Group Suspected in Major Upbit Security Incident appeared on BitcoinEthereumNews.com.
South Korean regulators are preparing an on-site investigation at the Upbit exchange after a sudden outflow of digital assets triggered nationwide alerts.

Key Takeaways:
- Upbit lost roughly 45 billion won in crypto after unauthorized transfers traced to external wallets.
- Investigators believe attackers abused high-level administrative access, consistent with previous Lazarus-linked breaches.
- Dunamu will reimburse all affected users while authorities conduct an on-site probe at the exchange.

The transfers — now calculated at roughly 45 billion won — were traced to external wallets shortly before authorities flagged abnormal administrative activity.

Why investigators immediately traced it to Lazarus

Officials reviewing early telemetry say the pattern of the breach looked familiar before the destination of the funds was even identified. Rather than exploiting backend infrastructure, the attackers appear to have gained high-level account authority, enabling withdrawals without attacking servers directly. The method mirrors a well-documented 2019 incident in which the same state-linked hacking organization stole 58 billion won in ETH. Rather than celebrating technical sophistication, analysts called the method “practical, predictable, and consistent with financially motivated cybercrime.”

Political and financial backdrop

The attack lands at a moment when North Korea is widely believed to be relying on cyber-enabled revenue for foreign currency. Intelligence groups tracking the Lazarus group say the operation aligns with an ongoing strategy: steal crypto, move assets between exchanges quickly, and launder through networks engineered to sever transaction trails from original sources. The exchange’s operator, Dunamu, said affected users will be fully compensated using corporate reserves, guaranteeing no losses for retail account holders.

The timing raises questions, not coincidences

The breach occurred one day after Naver Corp. announced a full share-swap agreement to acquire Dunamu. Cybersecurity analysts argue that Lazarus has a habit of targeting moments when attention is heightened around a company — not only for financial gain but…
Filed under: News - @ November 28, 2025 3:28 pm