Ethereum News Today: Lazarus Group's Multi-Chain Heist Exposes Crypto Exchange Weaknesses


South Korean authorities have linked the $30 million hack of cryptocurrency exchange Upbit to North Korea's Lazarus Group, a hacking unit tied to the country's intelligence apparatus. The breach, which occurred on November 27, involved advanced multi-chain laundering techniques using Solana (SOL) and Ethereum (ETH), with stolen assets rapidly dispersed across 185 wallets and converted into ETH within hours. The attack mirrored methods used in a 2019 incident at Upbit, where 342,000 ETH were stolen, further strengthening suspicions of Lazarus's involvement. Government officials noted that the hackers likely compromised administrator accounts or impersonated administrators rather than directly attacking servers, a tactic consistent with past Lazarus operations.
The hack has intensified regulatory scrutiny of Upbit's parent company, Dunamu, which now faces a record 35.2 billion won fine for delayed reporting and data-handling issues. The breach also threatens the $10.3 billion merger between Dunamu and Naver, announced on the same day as the hack. Regulators have frozen license renewals for major Korean exchanges for over a year, compounding Dunamu's challenges. Upbit has pledged to fully compensate affected users, freezing deposits and withdrawals on the Solana network and shifting 70% of assets to cold storage to prevent further losses.
On-chain analysis revealed the sophistication of the attack. The hackers used Solana-based tokens to bridge funds to Ethereum, leveraging liquidity pools through platforms like Allbridge. Market observers noted that the rapid transfers left detectable traces, though the mixing of funds across chains obscured the trail. The Financial Services Commission has classified user transaction data as sensitive under the Credit Information Act, intensifying its probe into Upbit's security practices.

The timing of the hack has raised eyebrows. It occurred as Dunamu and Naver announced their merger, a move aimed at consolidating South Korea's crypto ecosystem. Experts speculate the attack may have been timed to disrupt the merger, with hackers potentially "showing off" by striking during a high-profile event. This theory aligns with Lazarus's history of targeting critical economic infrastructure, particularly during periods of geopolitical tension.
North Korea's reliance on cyberattacks to generate foreign currency further contextualizes the breach. The country's severe economic sanctions have pushed its hacking units to exploit digital assets, with Lazarus previously linked to major heists in South Korea and globally. The Korea Internet & Security Agency (KISA) and financial regulators have launched emergency inspections of Upbit, underscoring the gravity of the incident.
As investigations continue, the incident highlights vulnerabilities in crypto exchange security and regulatory frameworks. Upbit's repeated breaches, both in 2019 and 2025, raise questions about the adequacy of safeguards for hot wallets and cross-chain transactions. Meanwhile, the Lazarus Group's evolving tactics, including rapid multi-chain laundering, pose a growing threat to global digital asset markets.