Lazarus Group: $30 million stolen from Upbit in secret hack!

Lazarus Group: $30 million stolen from Upbit in secret hack!

South Korean authorities have raised serious suspicions that the notorious Lazarus Group is behind the recent hack of cryptocurrency exchange Upbit, in which over $30 million was stolen. The incident occurred in early November and is the second major attack on crypto exchanges in recent memory. Previous investigations have shown that Lazarus Group was responsible for one of the largest crypto hacks of 2023, in which approximately $1.5 billion was stolen from crypto exchange ByBit.

According to Crypto.news, the hack resulted in at least 24 Solana-based assets being stolen from a compromised hot wallet. It was discovered that the stolen funds were converted into USDC and then transferred to Ethereum, indicating a targeted approach by the attackers. Unnamed industry sources also reported that the perpetrators' modus operandi bore similarities to an incident from 2019.

Extent of damage

The disposal of the stolen 44.5 billion won, which is equivalent to about 54 billion won, shows the complexity of the attack. Upbit, in response to this incident, has suspended all deposits and withdrawals until further notice and assured that all affected users will be compensated from their own resources. However, an official investigation into the exact procedure of the hack is still pending.

South Korean authorities are certain that the attackers may have compromised administrator accounts or impersonated administrators, further underscoring the danger of this group. Lazarus Group is known for its complex and targeted social engineering tactics, which often start with phishing or developer exploits. According to reports, the group has stolen billions of dollars in digital assets over the years that are used to finance North Korea's weapons program.

Regulatory and safety aspects

The Lazarus Group’s ongoing attacks are a serious problem for the entire crypto industry. Despite international sanctions and measures against known affiliates, the group remains a significant threat. On-chain analysis shows that stolen funds are often laundered through crypto mixers, which is drawing increasing scrutiny from regulators. The timing of the attack may have been intentional to coincide with the announcement of the merger of Upbit parent company Dunamu and Naver Corp. to coincide, which was officially announced a day before the hack. This merger could potentially lead to a US listing.

Overall, the incident shows that cybercrime in the cryptocurrency space is an ongoing problem that affects both companies and users. The South Korean authorities are called upon to take effective measures to better counteract such threats in the future.