Officials accuse North Korea’s Lazarus of $30 million theft from crypto exchange

A recent cyberattack on South Korea’s largest cryptocurrency exchange was allegedly conducted by a North Korean government-backed hacking group. 

Yonhap News Agency reported on Friday that South Korean government officials are involved in the investigation surrounding $30 million worth of cryptocurrency that was stolen from Upbit on Wednesday evening. 

On Friday, South Korean officials told the news outlet that North Korea’s Lazarus hacking group was likely involved in the theft based on the tactics used to break into the cryptocurrency platform and the methods deployed to launder the stolen funds. 

Investigators believe the hackers impersonated administrators at Upbit before transferring about $30 million. 

In a statement, the company called the theft an “abnormal withdrawal” and said it is in the process of investigating the attack. 

Oh Kyung-seok, CEO of parent company Dunamu, added that the platform has suspended deposits and withdrawals. 

All losses will be covered by Upbit. The attack came one day after South Korean internet giant Naver purchased Dunamu for $10 billion.

“After detecting the abnormal withdrawal, Upbit immediately conducted an emergency security review of the relevant network and wallet systems,” the CEO said. “To prevent further abnormal transfers, all assets have been transferred to a secure cold wallet.”

Upbit tracked some of the stolen funds to another wallet on Thursday and is trying to freeze some of the assets so they cannot be moved further. 

Investigators noted that the attack bears the hallmarks of a previous incident in 2019 when about $40 million was stolen from Upbit. That attack was also attributed to Lazarus — one of the most prolific state-backed hacking groups. 

Lazarus is allegedly organized within the North Korean Reconnaissance General Bureau and has stolen billions worth of cryptocurrency over the last nine years, with blockchain monitoring firm Chainalysis saying hacking groups connected to North Korea’s government stole $1.3 billion worth of cryptocurrency across 47 incidents in 2024.

The group is accused of stealing $1.5 billion from Dubai-based crypto platform Bybit in February. The United Nations said last year that it is tracking dozens of incidents over a five-year period that have netted North Korea $3 billion.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
