South Korean regulators are preparing an on-site investigation at the Upbit exchange after a sudden outflow of digital assets triggered nationwide alerts.
Key Takeaways:
- Upbit lost roughly 45 billion won in crypto after unauthorized transfers traced to external wallets.
- Investigators believe attackers abused high-level administrative access, consistent with previous Lazarus-linked breaches.
- Dunamu will reimburse all affected users while authorities conduct an on-site probe at the exchange.
The transfers — now calculated at roughly 45 billion won — were traced to external wallets shortly before authorities flagged abnormal administrative activity.
Why investigators immediately traced it to Lazarus
Officials reviewing early telemetry say the pattern of the breach looked familiar before the destination of the funds was even identified. Rather than exploiting backend infrastructure, the attackers appear to have gained high-level account authority, enabling withdrawals without attacking servers directly.
The method mirrors a well-documented 2019 incident in which the same state-linked hacking organization stole 58 billion won in ETH.
Rather than celebrating technical sophistication, analysts called the method “practical, predictable, and consistent with financially motivated cybercrime.”
Political and financial backdrop
The attack lands at a moment when North Korea is widely believed to be relying on cyber-enabled revenue for foreign currency. Intelligence groups tracking the Lazarus group say the operation aligns with an ongoing strategy: steal crypto, move assets between exchanges quickly, and launder through networks engineered to sever transaction trails from original sources.
The exchange’s operator, Dunamu, said affected users will be fully compensated using corporate reserves, guaranteeing no losses for retail account holders.
The timing raises questions, not coincidences
The breach occurred one day after Naver Corp. announced a full share-swap agreement to acquire Dunamu.
Cybersecurity analysts argue that Lazarus has a habit of targeting moments when attention is heightened around a company — not only for financial gain but also to maximize visibility.
Government officials noted that psychological elements often accompany the group’s operations, including a pattern of selecting moments that ensure the cyberattack dominates headlines.
What happens next
The Financial Supervisory Service and local investigative bodies will begin their review directly at Upbit facilities to determine how administrator-level access was obtained and whether internal processes were manipulated.
Until then, investigators are treating the breach as part of a larger campaign rather than an isolated cyber incident.
The information provided in this article is for educational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.
AuthorRelated stories
Next article
Source: https://coindoo.com/north-korean-lazarus-group-suspected-in-major-upbit-security-incident/
