N. Korean hacking group Lazarus suspected behind recent crypto hacking: sources
North Korean hacking group Lazarus is suspected to be behind a breach of around $30.6 million worth of cryptocurrency from South Korea’s largest crypto exchange Upbit, sources said Friday. This photo, taken Thursday, shows the logo of Dunamu at the headquarters of Naver Corp. in Seoul. Photo by Yonhap
North Korean hacking group Lazarus is suspected to be behind a recent breach of around 45 billion won (US$30.6 million) worth of cryptocurrency from South Korea’s largest crypto exchange Upbit, sources said Friday.
According to government and business sources, authorities plan to carry out an on-site investigation at the crypto exchange with a belief that Lazarus was behind the hacking.
Dunamu, which operates Upbit, said Thursday it confirmed the transfer of 44.5 billion won worth of Solana-affiliated assets to an unauthorized wallet address and plans to cover the full amount with assets the company owns.
The hacking group had been suspected of stealing 58 billion won worth of Ethereum from Upbit in 2019.
Authorities said the methods used in the latest incident resembled those of the 2019 theft.
“Instead of attacking the server, it is possible that hackers compromised administrators’ accounts or posed as administrators to make the transfer,” a government official said.
Experts note the hacking incident came while Pyongyang is seeking to raise money amid a shortage of foreign currency.
“It is the tactic of Lazarus to transfer crypto to wallets at other exchanges and attempt money laundering,” a security official said, noting such methods make it impossible to track the transaction.
Others said hackers may have intentionally chosen Thursday for their attack, as Naver Corp., South Korea’s top search engine operator, announced its decision on the previous day to acquire Dunamu as a wholly owned subsidiary of Naver Financial through a share-swap deal.
“Hackers have a strong tendency toward self-display,” another security official said.
