Major breach is being investigated by South Korean authorities

South Korean authorities are investigating a major breach at the Upbit crypto exchange, where 44.5 billion won ($30.4M) was stolen.

SEOUL, Nov 28 (Reuters) — South Korean authorities are investigating a major security breach at the Upbit cryptocurrency exchange, following the unauthorized withdrawal of 44.5 billion won ($30.4 million). According to the Yonhap News Agency, investigators suspect the cyberattack was carried out by a North Korean hacking team.

Officials are currently scrutinizing Upbit’s systems and believe the operation may be linked to the Lazarus Group, a notorious cyber unit affiliated with North Korea’s intelligence agency. The exchange described the incident as “an abnormal withdrawal,” prompting an urgent security review as authorities work to determine the full extent of the breach and the actors involved.

The Lazarus Group has long been tied to a string of major cryptocurrency heists worldwide, with the U.S. Federal Bureau of Investigation repeatedly warning that North Korea’s state-backed cyber units rank among the world’s “most advanced persistent threats.” In the latest case, Yonhap reported that Thursday’s Upbit breach exhibited the same tactical patterns and digital footprints seen in the 2019 theft of 58 billion won in crypto assets—an attack conclusively linked to Lazarus. An unnamed South Korean government official told the agency that the operation carried the “distinct, refined signature” of the group’s previous campaigns, further strengthening suspicions that North Korea’s elite hacking apparatus executed the theft.

An official from the National Police Agency’s cybercrime investigation unit confirmed that a formal inquiry into the Upbit breach is underway but declined to provide further details, citing the sensitivity of the case. The National Intelligence Service, which typically handles state-linked cyber threats, could not be reached for comment.

A representative from Dunamu, the operator of Upbit, stated, “We are currently investigating the cause and full scale of the asset outflow,” as internal teams work alongside authorities to assess the damage.

The incident unfolded just hours before South Korean internet giant Naver announced its acquisition of Dunamu, adding to the shock surrounding the breach. Upbit, the country’s largest and most influential cryptocurrency exchange, now faces intensified scrutiny as investigators work to determine whether the timing of the attack was coincidental or strategically calculated.

Irfan Latif
