North Korea’s Lazarus Group Suspected in Upbit Hack

The Lazarus Group, a North Korean cybercrime faction, is suspected of executing a $30 million hack at South Korea’s Upbit exchange, affecting Solana-based tokens in a hot wallet.

This event highlights the persistent threat North Korean hackers pose to the global cryptocurrency landscape, prompting intensified security measures and investigations by South Korean authorities.

$30 Million Solana Heist by Lazarus Group

The Lazarus Group, suspected to be state-backed by North Korea, allegedly hacked Upbit, South Korea’s largest cryptocurrency exchange. The hack resulted in a $30 million theft of Solana-based tokens from the exchange’s hot wallet. The hack coincided with Upbit’s parent company, Dunamu, undergoing a major merger with tech giant Naver. Previous attacks by Lazarus have targeted cryptocurrency assets, including a $41 million theft from Upbit in 2019.

Upbit Suspends Services Post-Hack

Following the breach, Upbit suspended all deposits and withdrawals. The company reimbursed affected users and suffered a $4 million loss. Experts highlight the disruptiveness of the attack, consistent with Lazarus’ modus operandi in major exchange hacks. The incident provoked increased scrutiny from South Korean authorities, who have commenced on-site inspections at Upbit. Blockchain analysis reveals the use of familiar mixing and laundering techniques, marking another significant blow to the crypto ecosystem.

20% Infiltration Rate by North Korean Hackers

Lazarus has a notorious history with cryptocurrency exchange hacks. Notable incidents include the 2019 Upbit Ethereum theft. The group is linked to major hacks, like the $1.5 billion Bybit theft in 2025, underscoring the persistent threat. Pablo Sabatella from Opsek emphasizes the seriousness of such state-backed threats, noting a 20% infiltration rate among crypto companies by North Korean cybercriminals. The incident further illustrates ongoing vulnerabilities in crypto infrastructure.

“The threat posed by North Korean hackers is much worse than everybody thinks,” noting a 20% infiltration rate in crypto companies by regime-linked cybercriminals. — Pablo Sabatella, CoinDesk