Officials: “The Attack Resembles Lazarus’ Tactics”

Authorities stated that the techniques used in the Upbit hack strongly resemble those used in previous Lazarus operations. One of the biggest reasons strengthening this suspicion is the fact that Lazarus was confirmed to be behind the 2019 Upbit hack, in which 342,000 ETH were stolen.

A government official noted that instead of directly attacking the exchange’s servers, the attackers most likely:

• Gained access to administrative accounts
• Impersonated admins during transfer approval processes

This indicates that the attack was highly coordinated and professionally executed.

Upbit Revises Loss Estimate

Upbit suspended deposits and withdrawals after detecting abnormal transfers involving various tokens on the Solana network. The exchange initially reported losses of 54 billion won ($36.8 million), but after further analysis, the figure was revised to 44.5 billion won ($30.4 million).

Most of the compromised assets were Solana-based tokens. On-chain analysis shows that a wallet associated with the hacker converted the stolen Solana assets into USDC and was preparing to transfer the funds to the Ethereum network.

Hacker Activity Tracked On-Chain

According to blockchain analytics provider Dethective, the attacker’s wallet:

• Swapped stolen Solana (SOL) assets for USDC
• Prepared to bridge funds to Ethereum

These actions align with the escape and obfuscation techniques frequently used by Lazarus in previous operations.

Critical Timing for Upbit and Dunamu

The timing of the attack has also raised attention. Just one day before the hack, South Korea’s financial giant Naver Financial officially announced merger plans with Dunamu, the company behind Upbit. The merger is seen as a strategic move to expand digital asset services and strengthen Upbit’s corporate structure. The fact that the hack occurred immediately after this major announcement has once again brought cybersecurity risks to the forefront.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post The Group Behind the Upbit Hack Has Been Identified appeared first on Coin Engineer.

Solana-Based Tokens Transferred to an Unknown Wallet

According to Upbit, the attack was detected around 04:42 KST (23:42 TSI) when an unusual token movement was observed in the system. Initial investigation revealed that various Solana-based tokens were rapidly withdrawn from the platform and sent to an unidentified external wallet. The fact that the movements targeted a single wallet in a coordinated fashion suggests that the attack was not random but a pre-planned and highly organized operation.

Upbit confirmed that 54 billion KRW (approximately $36 million) worth of assets on the Solana network were stolen. The compromised tokens include several popular assets in the Solana ecosystem such as SOL, BONK, PYTH, ORCA, RAY, JTO, USDC, and many others. The attack impacted more than 20 tokens in total, including 2Z, ACS, DOOD, DRIFT, HUMA, IO, JUP, LAYER, ME, MEW, MOODENG, PENGU, RENDER, SONIC, SOON, TRUMP, and W.

Upbit Moves Assets to Cold Wallets; $8.18 Million Frozen in Initial Response

Upon detecting the breach, Upbit immediately transferred all hot wallet assets to cold wallets as an additional security precaution. The exchange also contacted various projects within the Solana ecosystem to initiate token freeze procedures.

The first successful result came from the freezing of LAYER tokens worth $8.18 million. Upbit continues to coordinate with project teams and regulatory authorities to freeze additional stolen assets and prevent the stolen funds from being moved further.

Upbit: “We Will Not Allow Any User Losses”

In its official statement after the attack, Upbit reiterated that all user funds would be fully protected. The exchange stated that it will compensate all losses using its own reserves, ensuring that customers do not suffer any financial impact. This approach aligns with previous strategies adopted by Korean exchanges when handling security incidents in the past.

Investigation Into the Source of the Attack

Upbit has not yet disclosed technical details regarding how the exploit occurred. The platform stated that it is conducting a comprehensive investigation to determine the exact vulnerability that enabled the attack. Experts note that the focus on Solana may not be a coincidence, as Solana’s high transaction throughput could have been leveraged by attackers. However, whether the breach stemmed from an internal technical flaw or an external malicious compromise will become clearer in the coming days.

Upbit also confirmed that a total of $38.5 million worth of assets were transferred to the unknown wallet on November 27. The exchange has suspended all platform operations until the security renewal process is fully completed. Upbit emphasized that its team is working 24/7 during this period to ensure maximum protection of user funds.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Upbit Hit by Multi-Million Dollar Hack Attack on the Solana Network! appeared first on Coin Engineer.

This asset disaster that Upbit faced, the largest crypto exchange in South Korea, also emerged with the discovery of a fake deposit in the early hours of Sunday. Additionally scammers successfully managed to deposit a fake token onto the platform by portraying it as a real Aptos (APT) token.

You might like: Could Binance Go Bankrupt?

While the real APT has a price with eight decimal places, the fake APT asset had a price with six decimal places and Upbit, noticed this difference quickly, thus contributing to the prevention of a serious crisis. According to Definalist’s estimate, if the fake coin had a price with eight decimal places, thousands of investors could suffer significant losses and this could have led to Upbit’’s bankruptcy.

Amazing Korean exchange upbit incident today

1. The Largest S.Korean exchange @Official_Upbit , abruptly halted Aptos' deposits and withdrawals, citing a wallet system maintenance without any specific reason

2. Various Korean users have posted authentication claiming that they… pic.twitter.com/OjfCwhB4eV

— Definalist (@definalist) September 24, 2023

According to social media shares, people claim that a flaw in the system is identifying all transactions as the same APT token. So this flaw appears to have caused the Aptos ecosystem to incorrectly classify any cryptocurrency transfer to the Upbit wallet as the APT local token.

After the incident, the exchange managers are making efforts to resolve the issue and are requesting a refund from those who led to the fake token swap.

You can freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram  ,YouTube and Twitter channels for the latest news and updates.

The post UpBit Faced a Fake Asset Disaster! appeared first on Coin Engineer.