South Korea suspects that a North Korean team may be behind a major cyberattack on Upbit, the country’s largest cryptocurrency exchange, which resulted in the unauthorised withdrawal of 44.5 billion won ($30.4 million) in cryptocurrencies on Thursday, the Yonhap News Agency reported.
South Korean authorities are inspecting Upbit’s systems and suspect hackers tied to North Korea’s spy agency, known as the Lazarus Group, were behind what the exchange called “an abnormal withdrawal,” reported Yonhap.
The Lazarus Group has been linked to several crypto heists in recent years, with the US Federal Bureau of Investigation (FBI) calling North Korea’s cyber operations “one of the most advanced persistent threats.”
Ongoing investigation into the hack
The recent attack at Upbit showed similarities to a 2019 cryptocurrency heist of 58 billion won, which was linked to Lazarus Group, according to Yonhap, citing an unnamed government official.
An official at South Korea’s National Police Agency told Reuters that they had launched a probe into the case, but refused to give any further details.
An official at Dunamu, the operator of Upbit, said: “We are currently investigating the cause and scale of the asset outflow,” Reuters reported.
The cyberattack occurred just hours before South Korean internet giant Naver announced the acquisition of Dunamu.
Is Upbit still operating?
After Thursday’s hack, crypto exchange Upbit has suspended all deposits and withdrawals on its platform.
The crypto exchange said that a portion of Solana network-based assets worth around 44.5 billion won was transferred to an unauthorised external wallet on 27 November, adding that the stolen amount was initially estimated at 54 billion won but later revised to reflect asset prices at the time the exploit occurred, Bloomberg reported on Thursday.
Rising cases of cyberattacks on crypto exchanges
Cryptocurrency exchanges have been facing a surge in cyberattacks, with multiple high-profile hacks in the last few months, highlighting the growing risks and challenges of securing digital assets.
In February this year, the same Lazarus Group allegedly stole $1.5 billion in Ethereum tokens from the Dubai-based crypto exchange Bybit. A few months later, in June, one of India’s largest crypto exchanges, CoinDCX, confirmed a major security breach in which hackers stole around $44 million from the platform.
North Korean hackers’ record of stealing so far
Hackers linked to North Korea have stolen more than $2 billion in cryptocurrency this year, according to a blog post by the blockchain analysis firm Elliptic published in October.
The previous record was in 2022, when North Korea stole $1.35 billion. Elliptic’s analysis estimates the regime’s total amount of stolen crypto since 2017 to be at least $6 billion, though the firm notes this figure may still be an underestimate, as reported by Mint earlier.
