North Korea's Lazarus Group is suspected to have orchestrated the recent theft of roughly 44.5 billion won ($30.4 million) in crypto from Upbit, South Korea's largest crypto exchange, local media reported Friday.
Yonhap News Agency reported, citing anonymous government and industry sources, that authorities are preparing an on-site inspection of Upbit amid growing confidence that Lazarus was behind the security breach.
On Thursday, Upbit said it detected abnormal withdrawals in certain Solana-based crypto assets, and it immediately suspended deposit and withdrawal services and initiated an inspection.
Upbit initially reported a loss of 54 billion won ($36.8 million) but later revised the figure down to roughly 44.5 billion won ($30.4 million).
Specifically, the attack methods resembled those used in a 2019 theft, raising further suspicion that Lazarus may be involved, the authorities said. South Korean police concluded last year that Lazarus was behind the 342,000 ETH hack from Upbit in November 2019.
Rather than directly attacking servers, hackers likely compromised administrator accounts or impersonated administrators to authorize the transfers, a government official explained, according to Yonhap.
Meanwhile, onchain data shows that a wallet appearing to be tied to the Thursday hacker has swapped Solana for USDC and is bridging funds to Ethereum, according to blockchain analysis provider Dethective.
Upbit's Thursday hack came after Naver Financial officially confirmed the merger with Dunamu, the operating company behind Upbit. Naver Financial disclosed Wednesday that it will integrate Dunamu as its wholly-owned subsidiary to "secure future growth momentum based on digital assets."
