
The Group Behind the Upbit Hack Has Been Identified


The attack on Upbit, South Korea’s largest cryptocurrency exchange—resulting in losses of approximately 44.5 billion won ($30.4 million)—is believed to have been carried out by the internationally known North Korean hacking group Lazarus. According to a report by local media outlet Yonhap, citing government and industry sources, South Korean authorities are increasingly confident that Lazarus is linked to the attack based on the methods used and the on-chain traces.

Officials: “The Attack Resembles Lazarus’ Tactics”

Authorities stated that the techniques used in the Upbit hack strongly resemble those used in previous Lazarus operations. A key reason for this suspicion is that Lazarus was confirmed to be behind the 2019 Upbit hack, in which 342,000 ETH were stolen.

A government official noted that instead of directly attacking the exchange’s servers, the attackers most likely:

  • Gained access to administrative accounts
  • Impersonated admins during transfer approval processes

This indicates that the attack was highly coordinated and professionally executed.

Upbit Revises Loss Estimate

Upbit suspended deposits and withdrawals after detecting abnormal transfers involving various tokens on the Solana network. The exchange initially reported losses of 54 billion won ($36.8 million), but after further analysis, the figure was revised to 44.5 billion won ($30.4 million).

Most of the compromised assets were Solana-based tokens. On-chain analysis shows that a wallet associated with the hacker converted the stolen Solana assets into USDC and was preparing to transfer the funds to the Ethereum network.

Hacker Activity Tracked On-Chain

According to blockchain analytics provider Dethective, the attacker’s wallet:

  • Swapped stolen Solana (SOL) assets for USDC
  • Prepared to bridge funds to Ethereum

These actions align with the escape and obfuscation techniques frequently used by Lazarus in previous operations.

Critical Timing for Upbit and Dunamu

The timing of the attack has also drawn attention. Just one day before the hack, South Korea’s financial giant Naver Financial officially announced merger plans with Dunamu, the company behind Upbit. The merger is seen as a strategic move to expand digital asset services and strengthen Upbit’s corporate structure. The fact that the hack occurred immediately after this major announcement has once again brought cybersecurity risks to the forefront.
