A Major Breach Sends Shockwaves Through Korea’s Crypto Sector
South Korea’s largest exchange, Upbit, is now at the center of a high-stakes security investigation after a Thursday exploit drained $36 million from its Solana hot wallets. Authorities say the theft bears the hallmarks of North Korea’s Lazarus Group, one of the most notorious hacking collectives in the world. Regulators confirmed they are preparing an on-site review as the breach escalates into a national-level security concern.
Upbit Rushes to Contain the Damage
Upbit revealed that the irregular withdrawals originated entirely from hot wallets, while cold wallets remained uncompromised. A spokesperson for Dunamu, Upbit’s operator, said the exchange immediately froze all affected addresses, shifted remaining funds offline, and began on-chain countermeasures to block further movement of the stolen assets.
Investigators Zero In on the Hacker’s Footprint
While the motive and method align with Lazarus’ historical attack patterns, blockchain intelligence firms say they still lack definitive on-chain proof. CertiK, monitoring the breach via its Skynet platform, said the speed, scale, and signature of the withdrawals match earlier Lazarus-linked operations.
The firm is analyzing over 100 exploiter addresses, noting that the flow and precision of the transactions strongly resemble past North Korean–linked attacks, though it cautions that final attribution has not been confirmed.
Lazarus Group’s Long Shadow Over Crypto Security
Lazarus has built a chilling reputation as the most destructive hacking outfit targeting crypto, responsible for billions in stolen assets over the last decade. Their operations have hit exchanges, DeFi protocols, and cross-chain bridges, including the $1.4 billion Bybit exploit, which Arkham Intelligence previously attributed to the group.
Known for custom malware, supply chain compromises, and aggressive laundering networks, Lazarus continues to exploit weaknesses across the crypto ecosystem, often routing funds through mixers, cross-chain bridges, and stealth wallets.
Upbit Hack Adds to Growing Global Security Concerns
This latest exploit underscores the urgent need for stronger Web3 security, particularly for exchanges handling large amounts of retail capital. Regulators in South Korea have already tightened restrictions this year, and the Upbit breach is likely to accelerate new oversight measures.
With North Korean threat actors intensifying attacks, experts warn that exchanges must treat hot wallets as high-risk exposure points, especially on chains like Solana, where transactions move too quickly for easy interception.



