Upbit, South Korea's largest cryptocurrency exchange, is currently under regulatory scrutiny following a major hack that led to the unauthorized withdrawal of approximately $36.9 million in assets on the Solana (SOL) network. The breach affected over 20 different tokens and resulted in Upbit freezing assets on the platform while the investigation progresses.
Lazarus Group Involved in Upbit Hacking
Authorities are currently investigating the possibility that North Korea was involved in the cyber attack. The report said a group associated with North Korea's notorious Lazarus Group intelligence agency may have orchestrated the hack, which Upbit described as an “unusual retreat.”
The group has been consistently involved in several high-profile cryptocurrency heists in recent years, and the US Federal Bureau of Investigation (FBI) has identified North Korean cyber operations as one of the most advanced and persistent threats.
Coincidentally, the attack came just days before the 6th anniversary of Upbit's last major breach, in which it lost 342,000 Ethereum (ETH) to North Korean hackers.
An anonymous government official said the latest hack has similarities to a 2019 incident in which about 58 billion won worth of virtual currency was stolen, also attributed to the Lazarus Group.
Following the attack, the South Korean National Police Agency launched an investigation into the matter, but officials have not released any further comment on the incident. Dunamu, Upbit's operator, confirmed that a detailed investigation into the cause and scope of the asset theft is currently underway.
Crypto exchange moves funds to cold storage
The cryptocurrency exchange's CEO Oh Kyung-seok said that Upbit immediately suspended all deposit and withdrawal services as soon as the abnormal withdrawal activity was detected.
“We are prioritizing the protection of member assets and are conducting comprehensive inspections,” he said in a notice to users. Following the discovery of the fraudulent transactions, Upbit took steps to freeze as much of the affected funds as possible.
To prevent further fraudulent transfers, the exchange moved all remaining assets to cold storage to ensure a “safe environment for funds.”
Upbit is also said to be working with the relevant project teams to freeze on-chain assets and has already blocked some stolen funds related to the LAYER cryptocurrency. The exchange said it would only resume deposits and withdrawals once full security checks have been completed.
Dunamu has committed to covering customer losses with business funds. It remains to be seen what additional information the country's authorities will release in the coming days and what the deadline for refunds to affected individuals might be.
