Upbit Loses $30M in Hack Likely Linked to North Korea’s Lazarus Group
Quick overview
- Upbit, South Korea's leading cryptocurrency exchange, was hacked on November 14, resulting in a loss of over 44.5 billion won (approximately $30 million) in digital assets.
- Insiders suspect the North Korean state-sponsored Lazarus Group may be behind the attack, which involved stealing at least 24 Solana-based tokens from a hot wallet.
- Upbit has suspended all deposits and withdrawals and promised to reimburse affected users from its reserves, although details of the hack are still unclear.
- The timing of the hack coincided with a significant corporate announcement, raising suspicions that it may have been a strategic move by the attackers.
South Korea’s leading cryptocurrency exchange, Upbit, was hacked on the 14th of November and took a huge hit, losing over 44.5 billion won in digital assets, worth roughly $30 million. It’s not clear who was behind it, but insiders are saying it might be the infamous North Korean state-sponsored Lazarus Group, which has been at it since a similar 2019 hack on Upbit.
The assets stolen included at least 24 Solana-based tokens from a hot wallet, prompting Upbit to suspend all deposits and withdrawals immediately. Upbit’s been pretty forthcoming about it, though – they’ve promised to reimburse users from their own reserves, although we still don’t have the full breakdown of what went down in the hack.
Analysts are reviewing the whole thing and think that Lazarus might have targeted the exchange’s admin accounts rather than the core servers, a move consistent with how they typically operate. This often involves using highly sophisticated social engineering, such as phishing or targeting developers.
🏮BREAKING:
UPBIT APPEARS TO HAVE BEEN HACKED, WITH $36.8M IN SOLANA ASSETS MOVED TO UNKNOWN WALLETS 😱. pic.twitter.com/9Hc1wTo8dM
— REAL F-SON-G (@real_fsong) November 28, 2025
Lazarus Group’s Global Crypto Threat
Lazarus Group has been causing a lot of trouble in the crypto world for a decade now, stealing huge amounts of digital assets and channeling them to fund North Korea’s weapons programs.
Key characteristics of Lazarus operations:
- Use of complex social engineering, including phishing and developer-targeted exploits.
- Laundering stolen crypto through stablecoins like USDC and bridging to Ethereum.
- Employing privacy tools, such as crypto mixers, to obscure asset traces.
- Targeting exchanges around significant corporate announcements to maximize impact.
Market Timing and Strategic Impact
The Upbit hack coincided with Naver Corp announcing that it was merging with Upbit’s owner, Dunamu, which will help pave the way for a US stock listing and expand the exchange’s global reach. This all happened just as people were paying attention, and it looks like the hack was some kind of ‘publicity stunt’.
We know that Lazarus has been a thorn in the side of the global community for years now. Analysts from Dethective found that the stolen funds were converted to USDC and then transferred to Ethereum, a common tactic by the Lazarus group.
The hack at Upbit is a timely reminder of how insecure the whole crypto sector is – it just highlights the need for better security, closer international cooperation when it comes to regulations, and for keeping a close eye on these sorts of actors.