South Korea's Crypto Growth Halted by Security Crisis as Upbit's $30M Heist Exposes Merger Risks

Generated by AI AgentCoin WorldReviewed byAInvest News Editorial Team
Saturday, Nov 29, 2025 11:38 pm ET2min read
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- South Korea's Upbit suffered a $30.6M cyberattack by North Korea's Lazarus Group, prompting security upgrades amid its $10.3B Naver Financial acquisition.

- The breach exploited compromised credentials to steal Solana-linked tokens, triggering user reimbursements and regulatory scrutiny over delayed reporting.

- Naver's shares fell 2.8% as merger risks emerged, with authorities investigating Upbit while debates intensified over North Korea sanctions and crypto security gaps.

- Upbit shifted assets to cold storage and apologized publicly, but the incident highlights vulnerabilities in South Korea's crypto market expansion plans.

South Korea's leading cryptocurrency exchange Upbit is

accelerating a security overhaul
following a $30.6 million cyberattack attributed to North Korea's state-sponsored Lazarus Group. The breach, which targeted Solana-linked assets in Upbit's hot wallet, has intensified scrutiny of the exchange's defenses as it navigates a broader corporate transformation. Naver Financial, the fintech arm of South Korean tech giant Naver,
announced a $10.3 billion stock-swap acquisition
of Upbit's parent company, Dunamu, in September, a deal expected to solidify its dominance in the country's digital asset market. The merger, set to finalize in June 2026, aims to leverage Upbit's market leadership while addressing vulnerabilities exposed by the recent attack.

The cyberattack,

detected on November 27
, involved the unauthorized transfer of 44.5 billion won ($30.6 million) in assets, including tokens like
BONK
, TRUMP, and SOL, to an unverified wallet. Dunamu confirmed the breach and
pledged to reimburse affected users
using its own reserves, freezing withdrawals and deposits to prevent further losses. Authorities suspect Lazarus exploited compromised admin credentials or impersonated internal accounts to execute the heist,
a tactic consistent with the group's 2019 theft
of $40 million in
Ethereum
from the same platform. The stolen funds were
rapidly laundered across multiple wallets
, complicating tracking efforts.

The timing of the attack—occurring just days before the six-year anniversary of Upbit's 2019 breach and amid the Naver merger announcement—has raised questions about potential coordination.

Naver's shares fell 2.8%
following the incident, reflecting investor concerns over the acquisition's risks. The merger,
valued at 15.1 trillion won
, will issue 87.56 million new shares to Dunamu shareholders and is subject to regulatory approvals, including a Fair Trade Commission review. Naver Financial has also
outlined plans for a Korean won-backed stablecoin
project post-acquisition, aligning with South Korea's evolving crypto regulatory landscape.

The attack underscores the persistent threat posed by North Korean cyberoperations.

Lazarus, linked to the Reconnaissance General Bureau
, has orchestrated over $6 billion in crypto thefts since 2017, with nearly half attributed to the group. South Korea's financial regulators are now
investigating Upbit for delayed reporting
and data-handling practices, with unconfirmed reports suggesting potential restrictions on new user sign-ups. Meanwhile, the incident has
reignited debates over South Korea's sanctions policy
toward North Korea, with officials emphasizing the need for U.S. coordination to counter Pyongyang's funding of nuclear programs.

Upbit's response includes

shifting remaining assets to cold storage
and implementing onchain freezing mechanisms. The exchange's CEO, Oh Kyung-seok, apologized publicly and assured users of full compensation, though the broader market has seen Korean traders
capitalize on the disruption
, driving altcoin prices upward as arbitrage bots paused.

As the merger progresses, Naver and Dunamu face mounting pressure to bolster cybersecurity measures. The acquisition's success will hinge on addressing systemic vulnerabilities while navigating a regulatory environment that is cautiously embracing crypto innovation. With South Korea positioning itself as a digital finance hub, the Upbit incident highlights the delicate balance between growth and security in the crypto sector.