Upbit Heist: Lazarus Linked to $30M Upbit Crypto Heist

North Korea’s Lazarus Group is suspected of orchestrating a $30.4 million crypto theft from Upbit. This targets South Korea’s largest exchange.

North Korea’s Lazarus Group is suspected. They orchestrated the recent theft of roughly 44.5 billion won ($30.4 million). This crypto was hacked from Upbit. Upbit is the largest crypto exchange in South Korea. This was what was reported by local media on Friday.

Lazarus Group Suspected in Upbit Crypto Heist

Upbit initially said it had lost 54 billion won ($36.8 million). However, it later revised the number down. The new figure is about 44.5 billion won ($30.4 million). This was reported by Yonhap News Agency. It referred to anonymous government and industry sources. Authorities are preparing to inspect Upbit on the spot. Confidence is mounting that Lazarus was responsible for the security breach.

Related Reading: Upbit Hack: Upbit Suffers $36.8M Hack, Halts All Transfers | Live Bitcoin News

According to government and business sources, the authorities plan to investigate on-site. This will be at the crypto exchange. They think that Lazarus was the one behind the hacking. Dunamu operates Upbit. It verified the transfer of 44.5 billion won of assets that were affiliated with Solana. This has gone to an unauthorized wallet address. Dunamu intends to raise the entire amount out of company-owned assets.

The hacking group had been suspected of stealing 58 billion won worth of Ether from Upbit in 2019. Authorities said the methods in the latest incident were similar to those of the 2019 theft. “Instead of attacking the server, it is possible that hackers compromised the accounts of administrators or disguised as administrators to make the transfer,” a government official said.

On the other hand, experts point out that this hacking incident has happened at a time when Pyongyang is trying to earn money. This is amid a foreign currency shortage. “It is the strategy of Lazarus to move crypto to wallets at other crypto exchanges and try money laundering,” a security official said. Such methods make it impossible to track the transaction.

Authorities Prepare On-Site Inspection

Others said hackers may have deliberately picked Thursday for their attack. Naver Corp. is the leading search engine operator in South Korea. It announced its decision the previous day. In addition, this was in order to obtain Dunamu as a 100% subsidiary of Naver Financial. This would be in the form of a deal of share swap. “Hackers have a big ego, a big tendency to self-display,” another security official said.

Meanwhile, this supposed involvement of the Lazarus Group shows ongoing threats. Nation-state actors increasingly attack cryptocurrency exchanges. Their aim is often to evade sanctions. Such funds go for illicit activities.

Additionally, the reworked loss figure from Upbit shows continued evaluation. Initial reports are often different from final confirmed amounts. The exchange’s commitment to cover losses is crucial. It serves as a protection to the users as well as to keep the market confident.

The similarity in attack methods to the incident in 2019 is worrying. It implies a recurrent vulnerability or a consistent perpetrator. Authorities will most likely target administrator account security. This is given by the statement of the official.

However, the timing of the attack, along with the Naver-Dunamu deal, raises questions. Hackers may use high-profile events to their full advantage. This is as suggested by the security official. Their “self-display” tendency could be a factor.

Moreover, international cooperation will be crucial to the investigation. Tracking funds that have been laundered through multiple exchanges is complicated. Global law enforcement agencies have to work together. This is to combat sophisticated groups of cyber criminals.

Lastly, this incident refuels the need for improved security measures. Exchanges have to keep their protocols updated continuously. They have to guard against evolving threats. User education on security best practices is also important.