- South Korea’s Upbit exchange suspended operations on Thursday after hackers stole $36 million worth of crypto.
- Authorities suspect North Korea’s Lazarus Group used credential hijacking tactics similar to their 2019 Upbit breach to access the exchange’s systems.
South Korean law enforcement is investigating whether North Korea’s notorious Lazarus Group was behind the $36 million cyberattack on Upbit, the biggest cryptocurrency exchange in the country. All transactions were suspended after hackers compromised a hot wallet on the platform containing Solana network tokens. This is the second time that the security of the platform has been breached.
Major Security Breach Rocks Upbit Exchange
On Thursday, Upbit temporarily stopped all crypto trading after it detected suspicious activity involving Solana network tokens on its platform, causing a wave of security concerns among users and regulators.
The exchange said that the attackers took about 54 billion Korean won, approximately $36 million to $37 million, from a single one of its hot wallets.
It is the second time in six years that Upbit’s hot wallet has been seriously compromised, which shows that weak security in the crypto exchange industry’s technical infrastructure has been a problem for quite a while.
An investigation by the authorities in South Korea found that the attackers most likely hijacked the administrator account or impersonated it to gain unauthorised access, the same kind of tactics that the Lazarus Group has used in the past.
Security analysts have compared this case with the 2019 Upbit hacking incident and found very similar patterns in both. Based on their analysis, the hackers behind the 2019 Upbit attack were part of the same North Korean hacking collective suspected in this case.
Experts pointed out that the probability of North Korean involvement is extremely high, especially given that North Korea is suffering from a severe shortage of foreign currency and has a record of cryptocurrency theft.
The stolen money was reportedly passed through a series of complex mixing operations to cover the attackers’ tracks, a signature technique that the Lazarus Group has frequently used in its previous cryptocurrency thefts.
The attack’s timing has led to further theories about the attackers’ aims and possible links to North Korea’s state-sponsored cyber warfare units. The intrusion took place on the 27th of November, the same day that Upbit’s parent company, Dunamu, made public a major corporate merger with Korean technology giant Naver.
Security experts commented that the attackers might have intentionally selected this date in order to create a stir and show off their abilities during a low-profile corporate announcement.
“Hackers tend to have a strong desire to show off,” a cybersecurity expert said, pointing out that the timing of an attack is often the most impressive part, the one for which hackers want symbolic recognition.
The incident highlights growing anxiety over the increasing number of crypto-theft operations attributed to North Korea, which reportedly fund the regime’s weapons programs and help it get around international sanctions.
The South Korean police are still on the trail of the Upbit hackers, while the exchange is committed to returning to regular operations and upgrading its security measures so that the attack will not be repeated.
Source: https://thenewscrypto.com/lazarus-group-suspected-in-36m-upbit-cryptocurrency-heist/