South Korea’s top cryptocurrency exchange, Upbit, temporarily suspended deposits and withdrawals on Thursday after detecting unusual activity in Solana tokens. The exchange confirmed that a hot wallet had been hacked, resulting in unauthorized withdrawals of roughly 54 billion Korean won (about $36–$37 million), marking its second major hot wallet breach in six years.
South Korean authorities are investigating the incident and reportedly suspect the North Korea-linked Lazarus Group. Officials believe the attack may have involved hijacked or impersonated admin credentials, similar to tactics used by Lazarus in Upbit’s 2019 hack. Analysts also noted that stolen funds may have been laundered through mixing services, consistent with Lazarus operations.
The breach occurred on November 27, coinciding with a major merger announcement between Upbit’s parent company, Dunamu, and tech giant Naver. A security expert suggested the date may have been chosen deliberately to maximize attention.
Share this content:
