
Upbit, South Korea’s biggest cryptocurrency exchange, suffered a $32 million loss in a security breach. The country’s authorities suspect that the infamous North Korean hacking group Lazarus could be behind it. The attack, which occurred on the morning of November 27, targeted Upbit’s hot wallets. It mirrors a 2019 incident in which the platform lost Ethereum valued at 58 billion Won ($39.5 million).

Authorities believe the operation was conducted by the Lazarus Group, associated with North Korea. Government representatives, together with specialists in the information and communications technology (ICT) field, have launched an on-site review of Upbit’s systems.

A South Korean official stated that the attackers may have bypassed the server protections altogether and instead gained control of an administrator account. He explained that, rather than attacking the server, it is possible that the administrator account was compromised or that the funds were moved by someone impersonating the administrator. The approach closely resembles the technique employed in the 2019 heist, which strengthens the suspicion that the same individuals are behind this latest attack.

The stolen funds primarily consisted of tokens based on Solana, including SOL, USDC, and various lesser-known assets. Upbit reported that the unauthorised transactions were identified at approximately 4:42 a.m. KST, at which point deposits and withdrawals were suspended. The remaining funds were transferred to cold wallets as Upbit began collaborating with law enforcement and blockchain analysis teams.

Analysis After The Upbit Hack

Cybersecurity experts think Lazarus executed a complex, multi-stage attack. Analysts indicate that victims were deceived into downloading a counterfeit installer for the Deriv trading platform. The malware was built with Python, .NET and other, mostly AI-assisted, tools to collect sensitive information, including passwords and wallet credentials. The group reportedly used AnyDesk backdoors and Tor to hide its activity and to maintain long-term access to the compromised systems.

Analysts also believe that the stolen assets may have been laundered through secondary exchange wallets. Experts warn that the Lazarus Group frequently employs a variety of methods to conceal its activities.

[Image: Upbit. Source: cyptoinfo.com]

The incident happened on the same day as the official merger of Naver Financial with Dunamu, the parent company of Upbit. Security analysts suspect the timing could have been deliberate. One expert noted that “hackers often have a strong urge to showcase their skills.” The symbolic nature of the attack is consistent with Lazarus’ track record of timing its operations to maximise visibility and geopolitical impact.

The incident also comes at a time of heightened global measures against North Korea’s cyber operations. The U.S. Treasury recently imposed sanctions on several entities affiliated with Pyongyang, including the Korea Mangyongdae Computer Technology Company and Ryujong Credit Bank, for their involvement in laundering stolen cryptocurrency to support weapons development.

Stolen Money Could be Used to Support North Korea’s Nuclear Program

In an interview with Yonhap News TV, Second Vice Foreign Minister Kim Ji-na highlighted the importance of collaboration between Seoul and Washington, stating that stolen cryptocurrency could be redirected to support North Korea’s nuclear and missile programmes.

The Financial Services Commission of South Korea oversees crypto exchanges in accordance with the Credit Information Act. Currently, the Financial Supervisory Service and the Financial Security Service are directly investigating the Upbit incident.

The recent Upbit breach highlights ongoing weaknesses in hot wallet systems and the growing sophistication of state-linked cybercriminal organisations. Officials state that stronger operational security and closer international cooperation are crucial to countering the threat posed by the Lazarus Group.
