Upbit $30 Million Hack Update: Authorities Link Breach To North Korean Hackers

Overview

South Korea’s largest cryptocurrency exchange, Upbit, is facing regulatory scrutiny following a significant hack that resulted in the unauthorized withdrawal of a substantial amount of assets. The breach, which affected multiple tokens on the Solana network, has prompted Upbit to take immediate action to secure its platform and investigate the incident.

Details of the Hack

Upbit reported that the recent cyber attack led to the unauthorized withdrawal of approximately $36.9 million in assets from its platform. This incident has raised alarms among regulators, leading to an investigation into the circumstances surrounding the breach.

Authorities are exploring the potential involvement of North Korean hackers, specifically the Lazarus Group, which has been linked to several notable crypto heists in the past. Upbit described the incident as an “abnormal withdrawal,” and the investigation has drawn parallels to a previous hack in which Upbit lost a significant amount of Ethereum to North Korean hackers.

The South Korean National Police Agency has initiated an investigation, although no further details have been provided by officials. Upbit’s operator, Dunamu, confirmed that they are conducting an in-depth investigation to understand the cause and scale of the asset outflow.

Upbit’s Response

In response to the breach, Upbit’s CEO, Oh Kyung-seok, announced that the exchange suspended all deposit and withdrawal services immediately after detecting the abnormal activity. The company has prioritized the protection of user assets and is currently conducting a comprehensive inspection.

To mitigate further risks, Upbit has moved all remaining assets to cold storage and is working with relevant project teams to freeze assets on-chain. The exchange has already blocked a portion of the stolen funds linked to the cryptocurrency Solayer. Upbit has stated that deposits and withdrawals will only resume after thorough security checks are completed. Additionally, Dunamu has committed to reimbursing customers for any losses incurred as a result of the hack.

Impact on the Crypto Market

• Increased scrutiny from regulators on cryptocurrency exchanges may lead to more stringent security measures industry-wide.
• The potential involvement of North Korean hackers could heighten concerns about the security of digital assets.
• Users may experience reduced confidence in exchanges, leading to fluctuations in trading volumes and market activity.
• The incident underscores the need for enhanced cybersecurity protocols among cryptocurrency platforms.
• Ongoing investigations may result in further revelations that could impact the reputation of affected exchanges and the broader crypto ecosystem.

Updated: 11/29/2025, 7:21:28 AM