North Korean hacker group allegedly behind $30M crypto theft from South Korea: report

Sources say hacking comes as Pyongyang seeks to generate funds amid foreign currency shortage

ISTANBUL

North Korea’s Lazarus hacking group is believed to be behind the recent theft of about 45 billion won ($30.6 million) in cryptocurrency from Upbit, South Korea’s largest crypto exchange, according to South Korean media reports on Friday.

Government and industry officials cited by Seoul-based Yonhap News said authorities plan to conduct an on-site investigation at Upbit and suspect that Lazarus is the likely culprit.

Upbit operator Dunamu said Thursday it detected the unauthorized transfer of 44.5 billion won in Solana-linked assets to an external wallet and will fully compensate the losses using its own holdings.

Lazarus was also suspected of stealing 58 billion won in Ethereum from Upbit in 2019, and authorities said the techniques used in the latest breach resemble those from the earlier attack.

“Instead of attacking the server, it is possible that hackers compromised administrators' accounts or posed as administrators to make the transfer,” a government official said.

Experts note the breach comes as Pyongyang is reportedly attempting to raise funds amid an ongoing shortage of foreign currency.

“It is the tactic of Lazarus to transfer crypto to wallets at other exchanges and attempt money laundering,” a security official said, adding that such methods make the transactions impossible to track.

Some analysts suggested the attackers may have deliberately timed the breach for Thursday, one day after Naver Corp., South Korea’s leading search engine, announced plans to acquire Dunamu as a wholly owned subsidiary of Naver Financial through a share-swap agreement.

“Hackers have a strong tendency toward self-display,” another security official said.