Upbit Hack Linked to North Korea’s Lazarus Group


Key Insights

  • CryptoQuant CEO Ki Young Ju has hinted at the possibility that North Korea’s Lazarus Group may be behind the recent attack on Upbit.
  • The Korean exchange recently came under attack, with hackers stealing nearly $37 million worth of various Solana-based assets.
  • The link to the Lazarus Group follows the group’s track record of executing some of the major recent exchange hacks.

CryptoQuant CEO Ki Young Ju hinted that North Korea’s Lazarus Group carried out the recent exploit on Upbit. He argued that the attack resembled methods the group used in previous exchange hacks.

His speculation likely stems from the group’s track record of attacking cryptocurrency exchanges.

CryptoQuant CEO Links Upbit Hack to Lazarus Group

On Nov. 27, Upbit, South Korea’s largest cryptocurrency exchange, was hacked for approximately 54 billion Korean Won (~$36.8 million). The exploit caused the exchange to halt transaction activities to examine the abnormal withdrawals from one of its hot wallets.

The firm noted that the attack only affected assets on the Solana network. These included SOL, 2Z, ACS, BONK, DOOD, DRIFT, JUP, LAYER, PENGU, PYTH, RENDER, SONIC, TRUMP, and USDC, among others. Following the exploit, the exchange stated that it immediately transferred all assets to a secure cold wallet to prevent further attacks.


Upbit revealed in a post-mortem report that the exploit was due to a security vulnerability allowing private key inference. The exchange’s statement suggested that by analyzing publicly disclosed wallet transactions, the attackers may have deduced private keys.

In response, Ki Young Ju suggested that North Korea’s Lazarus Group could be responsible for the exploit. According to him, only the Lazarus Group could have carried out such an attack, considering their industry track record.

However, Upbit stated that it has addressed the vulnerability and is also actively tracking the stolen digital assets.

The statement disclosed that about 44.5 billion won ($30.2 million) in damaged assets have been identified. Customers’ assets amounted to 38.6 billion won (~$26 million), with 2.3 billion won ($1.56 million) already frozen. Upbit’s own assets were valued at approximately 5.9 billion won (roughly $4 million).

Amid this, the exchange noted that all affected users have been fully compensated with Upbit-held assets.

Notably, the exploit represents the latest attack on Upbit. In 2019, attackers stole 342,000 ETH from Upbit’s hot wallet, marking one of the biggest Ether thefts at the time.

The exchange’s status as the biggest in South Korea positioned it as an attractive target for hackers. Hence, the exchange countered a 1,800% surge in hacking attempts in the first half of 2023 alone.

While the Lazarus Group hasn’t taken responsibility for the latest incident, experts believe that the style fits the group’s pattern.

Lazarus Group Behind Major Exchange Hacks

Lazarus Group, an infamous hacking group reportedly linked to the North Korean regime, gained fame via its daring cyberattacks.

The group shifted its attention from targeting other governments and businesses to focusing on the crypto industry in recent years. During this period, the group has carted away billions of dollars’ worth of various digital assets.

The hackers executed their biggest attack on Bybit earlier this year, stealing roughly 400,000 ETH. The assets, worth approximately $1.5 billion at the time, were stolen through a vulnerability in a third-party wallet.

Before this, Lazarus attacked KuCoin in 2020, as well as Ronin Bridge and Axie Infinity, alongside Harmony Horizon Bridge in 2022. Each of these attacks led to over $100 million in losses, with the Ronin Bridge incident surpassing $600 million.

These incidents suggest that bad actors are intensifying their activities despite increased security measures.
