$30M Crypto Heist: North Korea’s Lazarus Group Targets South Korea’s Upbit

South Korea’s premier cryptocurrency exchange, **Upbit**, fell victim to a sophisticated **$30.4 million hack** on November 27, 2025, with authorities pointing fingers at North Korea’s infamous **Lazarus Group**. The breach, draining 44.5 billion won in Solana-based assets from a hot wallet, eerily echoed the group’s 2019 heist that pilfered 342,000 ETH from the same platform—now valued at over $1 billion. This **crypto exchange hack** has amplified fears of state-sponsored cyber threats, especially as digital assets fuel Pyongyang’s economy amid sanctions.

The intrusion struck at 4:42 a.m. local time. The attackers exploited admin credentials rather than attacking servers directly, likely via phishing or impersonation, per Yonhap sources. Upbit detected anomalies in Solana tokens and swiftly halted deposits and withdrawals while evacuating funds to cold storage. Initial loss estimates of $38 million were trimmed to $30.4 million post-audit; cold wallets were spared, but the incident exposed hot wallet vulnerabilities.

Blockchain trackers like Dethective and CertiK observed the loot’s frantic dance: swaps to USDC, bridges to Ethereum via Allbridge, and hops across 185 addresses, textbook Lazarus laundering via mixers. The timing? Precisely six years after the 2019 breach and hours after Dunamu’s announcement of its $10.3 billion merger with Naver Financial, sparking whispers of “self-display” provocation.

Dunamu CEO Oh Kyung-seok vowed full reimbursements from corporate reserves, ditching insurance to shield users, alongside bolstering multi-signature protocols and intrusion alerts. The Financial Services Commission (FSC) and Korea Internet & Security Agency (KISA) launched on-site probes, urging audits amid a 15% trading volume plunge.

Lazarus, blamed for $2 billion in annual crypto raids, underscores **North Korean hacking** as a geopolitical weapon. With Solana dipping 2% and regulators circling—fresh off a $26.5 million FIU fine—this **Upbit Lazarus hack** demands self-custody and fortified defenses. In crypto’s wild frontier, vigilance isn’t optional; it’s survival. As the merger looms, will Seoul’s watchdogs finally tame the dragon?