South Korea Probes Lazarus Group After Upbit’s 44.5B KRW Crypto Breach

• Upbit suffers a major hot-wallet breach, causing severe security concerns nationwide.
• Investigators suspect Lazarus’ involvement based on repeated methods and transfer behavior.
• Authorities intensify inspections as the incident overlaps with major corporate developments.

South Korea’s largest crypto exchange, Upbit, is dealing with a major security breach that resulted in the loss of about 44.5 billion KRW. The attack targeted a hot wallet, and early signs point toward the hacking group Lazarus, which has a history of striking digital asset platforms.

Authorities began an urgent review on-site, checking internal systems, access points, and the possibility of an internal credential compromise. The scale of the incident has turned it into one of the country’s most serious digital thefts this year.

Government officials are considering multiple scenarios. One central question involves how the attackers gained access to account permissions. Investigators believe the hackers may have stolen managerial credentials or impersonated an administrator. The breach resembles the 2019 case in which 58 billion KRW in Ethereum disappeared from Upbit under similar circumstances. The repetition strengthens the suspicion that the same group may be responsible.

Also Read: Ethereum Faces Key Resistance at $3,100 Amid Rising Futures Interest and Volatility

Lazarus Methods Emerge in Early Tracing Efforts

The security analysts identified signs relating to the operations of the Lazarus Group shortly after the occurrence. Funds were passed through a series of addresses in quick succession, a process referred to as hopping. Later, the money passed through launders, which makes tracking difficult. All these money launderers have traditionally appeared in previous attacks related to the Lazarus Group when they needed money from abroad and preferred to target giant exchanges based in Asia.

The international context also matters. In the case of nations that follow global standards against money laundering, the scope of mixing operations decreases since there are few places where such money can safely flow. It has long been believed that these players are likely to have something to do with the criminals in question; final verification will come from ongoing forensic analysis. Upbit remains in cooperation with government agencies, further bolstering wallet security.

Hack Incident Overshadows Naver–Doo Tree Integration

The hack took place on the same day that Naver and Doo Tree are about to detail how they plan to move forward in terms of integrating the operations of affiliates. The two companies held the meeting at Naver 1784 in Seongnam to share the five-year plan and how the collaboration between the two will influence AI, Web3, and the expansion of the platform. It was an interesting time to have such an important meeting.

Regulators also remain active. The Financial Supervisory Service, Financial Security Agency, and Korea Internet Security Agency have dispatched members to review Upbit’s operation. The review was based on last year’s guideline that included data from exchange users in the Credit Information Act. They want to know how the data breach took place and how future incidents can be prevented in the growing crypto market.

Also Read: Nina Rong Joins BNB Chain to Solve Liquidity Discovery Challenges in 2025