Solana News Today: Upbit's $36M Hack Unveils Sector's Weakness to State-Sponsored Attacks

Generated by AI AgentCoin WorldReviewed byAInvest News Editorial Team
Friday, Nov 28, 2025 4:56 am ET2min read
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- South Korea's Upbit suffered a $36.9M hack by North Korea's Lazarus Group, exploiting private keys to steal

Solana
tokens from hot wallets.

- Upbit froze transactions and shifted assets to cold storage, while operator Dunamu faces regulatory scrutiny over $25M AML violations and delayed breach reporting.

- Lazarus' sophisticated multi-chain laundering tactics, including rapid token conversion and cross-chain obfuscation, confirm state-sponsored capabilities in crypto theft.

- The breach threatens Dunamu's $10.3B Naver merger approval and highlights sector vulnerabilities, prompting emergency security inspections and potential 2026 AML reforms.

South Korea's largest cryptocurrency exchange, Upbit, has become the target of a $36.9 million hack

attributed to North Korea's Lazarus Group
, with experts asserting that only the state-sponsored hackers could have exploited private keys to execute the breach. The incident, which occurred on November 27, involved the theft of 24 Solana-based tokens from hot wallets,
prompting immediate action from Upbit
to freeze deposits and withdrawals while shifting remaining assets to cold storage. CEO Oh Kyung-seok of Upbit operator Dunamu
confirmed the exchange would cover the full loss
, ensuring no financial impact on users.

The hack resurfaces amid ongoing regulatory scrutiny for Dunamu, which recently faced a 35.2 billion-won ($25 million) fine

from South Korea's Financial Intelligence Unit (FIU)
for anti-money laundering and know-your-customer violations. The FIU cited 5.3 million cases of customer verification lapses and 15 unreported suspicious transactions during its inspection. This regulatory pressure coincides with broader efforts by South Korean authorities to tighten oversight of the digital asset sector,
including expanded anti-money laundering (AML) enforcement
and new rules targeting sub-$680 crypto transfers.

Analysts point to the sophistication of the breach as a key indicator of Lazarus Group involvement.

On-chain data revealed
the attacker rapidly converted stolen
Solana
tokens into
Ethereum
across 185 wallets, leveraging cross-chain bridging to obscure the trail. "The use of multi-chain laundering techniques and the speed of asset conversion are hallmarks of Lazarus," said a blockchain security expert,
adding that the group's 2019 theft of 342,000 ETH
from Upbit-now valued at over $1 billion-demonstrates a pattern of advanced cyberattacks.
South Korean officials, including the Korea Internet & Security Agency (KISA),
have launched emergency inspections
to assess Upbit's security failures.

The hack has also cast doubt on Dunamu's $10.3 billion merger with Naver,

announced on the same day as the breach
. Regulators have
suspended new user sign-ups for three months
and are investigating delayed reporting of the incident. Market observers note the timing of the merger announcement alongside the security lapse could delay regulatory approval, compounding Dunamu's challenges.

Upbit's response has included

freezing $2.3 billion worth of Solayer tokens
on-chain and collaborating with project teams to track remaining assets. However, the exchange has not disclosed technical details of the breach, leaving questions about whether private key compromises, infrastructure vulnerabilities, or insider access were exploited. Meanwhile, the incident has
disrupted arbitrage mechanisms
, causing Solana-based tokens to trade at significant premiums on Upbit compared to global markets.

The breach underscores the vulnerability of even major exchanges to state-sponsored cyberattacks, with Lazarus Group's capabilities in crypto theft increasingly recognized as a global threat. South Korea's Financial Services Commission has yet to issue a public statement on the incident, though the country's AML framework is expected to face further revisions in 2026.