South Korean crypto giant Upbit suffered a 44.5bn won ($30.4mn) theft of Solana-based assets on Thursday, just one day after its parent company Dunamu agreed to a massive acquisition by tech conglomerate Naver.
The breach has triggered an investigation by local authorities, who reportedly suspect North Korea's Lazarus Group is behind the attack.
The "Welcome" Gift
The timing of the exploit is surgical. On Wednesday, Naver Financial announced a share-swap deal to acquire Dunamu, valuing the combined fintech entity at nearly $10bn. The hack occurred the very next morning at 04:42 local time (19.42 UTC the previous day), targeting Upbit's hot wallets while the industry was still digesting the merger news.
Lazarus Suspected
According to Yonhap News Agency, investigators believe the attack bears the signature of the Lazarus Group, the state-sponsored North Korean hacking syndicate.
- Methodology: The attack vector mirrors a 2019 incident where 58bn won ($41mn) in Ethereum was stolen from Upbit, a theft also attributed to North Korean operatives.
- Targeting: The breach drained 24 types of Solana-based assets, including SOL, USDC, and meme coins like BONK and TRUMP.
- Response: Upbit has suspended all deposits and withdrawals and pledged to cover the 44.5bn won loss from its corporate treasury.
Onchain Forensics
Upbit has successfully frozen 2.3bn won ($1.6mn) in Solayer (LAYER) tokens, but the bulk of the funds, including substantial amounts of SOL and USDC, were transferred to an unidentified external wallet. The exchange is currently working with issuers to freeze additional assets where possible.
You must be logged in to post a comment.