TechFlow news, November 28 — According to Yonhap News Agency, authorities are increasingly suspecting the North Korean hacking group Lazarus as the mastermind behind the theft of 44.5 billion KRW (Upbit officially disclosed 54 billion KRW) from South Korea's largest virtual asset exchange Upbit.
The attack occurred in a hot wallet, using the same method as the 2019 incident where 58 billion KRW worth of Ethereum was stolen from Upbit. Government sources indicated that attackers may have transferred funds by stealing administrator credentials or impersonating administrators.
Security experts noted that after the attack, hackers moved the funds to wallets on other exchanges and performed coin mixing operations, a typical tactic used by the Lazarus group. Since countries that joined the Financial Action Task Force on anti-money laundering cannot conduct such mixing activities, this further points to North Korea as the likely perpetrator.
Notably, the incident occurred on the same day as the press conference regarding the merger between Naver Financial and Dunamu, leading experts to speculate that this timing may reflect the hackers' intent to show off. Currently, institutions including the Financial Supervisory Service and the Korea Internet & Security Agency are conducting on-site inspections at Upbit.
