TLDR
- South Korea suspects Lazarus Group is behind the $30M Upbit hack.
- Upbit detected abnormal withdrawals, halting services.
- Authorities link the hack to 2019 Upbit theft tactics.
- Blockchain analysis reveals the hacker’s use of Solana and Ethereum.
- Upbit’s merger with Naver Financial proceeds amid security concerns.
South Korean authorities suspect that North Korea’s Lazarus Group carried out the recent hack of Upbit, one of the country’s largest cryptocurrency exchanges. A report by YOHAP NEWS AGENCY confirms that the attack resulted in a loss of approximately 44.5 billion won ($30.4 million). The breach came to light after Upbit detected suspicious activity on its platform.
Upbit Detects Unusual Withdrawals
On Thursday, Upbit identified abnormal withdrawals of Solana-based crypto assets. In response, the platform halted all deposit and withdrawal services to contain the issue. Blockonomi confirmed that Upbit quickly began investigating the source of the transfers, which involved substantial sums of crypto. The company initially reported a loss of 54 billion won ($36.8 million).
However, this figure was later revised down to 44.5 billion won ($30.4 million). Upbit’s swift actions limited further damage, though the hack raised concerns about the security of the exchange. According to a recent update, South Korean authorities are increasingly confident that the Lazarus Group is responsible for the breach. This conclusion is partly due to the similarities between this attack and a 2019 theft from Upbit, which also involved large-scale crypto theft.
Authorities suspect that Lazarus may have used similar tactics to carry out the Upbit hack. The method of attack is believed to have involved compromising administrator accounts or impersonating admins to authorize the withdrawals. “We are closely inspecting the situation to confirm whether Lazarus is involved,” a government official explained. South Korean police had previously linked Lazarus to the 2019 hack that saw the theft of 342,000 ETH.
Upbit Hack Investigation and Blockchain Analysis
Investigators are now focusing on blockchain data to track the stolen funds. On-chain analysis shows that the hacker’s wallet swapped Solana for USDC. The funds were then bridged to the Ethereum network, suggesting an attempt to obscure the trail. Blockchain analysis provider Dethective revealed the transaction patterns linked to the hack. This analysis further supports the suspicion that Lazarus is behind the attack, given the group’s known tactics.
Authorities are continuing to monitor the movement of the stolen funds across multiple networks. As it was reported by Blockonomi, the recent Upbit hack coincided with an announcement from Naver Financial. The company confirmed the merger with Dunamu, the operator of Upbit. Naver Financial’s move to integrate Dunamu as a subsidiary aims to strengthen its position in the digital asset sector.
Despite the security breach, Upbit’s merger with Naver Financial underscores its long-term growth plans. The integration is expected to enhance Upbit’s resources and capabilities in handling digital assets. The hack, however, raises questions about the platform’s ability to safeguard user funds in light of ongoing cyber threats.
The post South Korean Authorities Tie $30M Upbit Hack to North Korea’s Lazarus Group appeared first on Blockonomi.
Source: https://blockonomi.com/south-korean-authorities-tie-30m-upbit-hack-to-north-koreas-lazarus-group/