
Lazarus Group, Allegedly North Korea-Linked, Suspected in $36 Million Upbit Hack

South Korea’s largest cryptocurrency exchange, Upbit, suspended deposits and withdrawals on Thursday after detecting unusual activity in Solana tokens. The exchange confirmed that a hot wallet had been compromised, with unauthorized withdrawals totaling approximately 54 billion Korean won (around $36–$37 million). This is Upbit’s second major hot wallet hack in six years.

Authorities are investigating the incident and are reportedly considering the North Korea-linked Lazarus Group as a potential suspect. The attack may have involved hijacked or impersonated admin credentials, echoing tactics used in Upbit’s 2019 hack. Security analysts also noted that stolen funds could have been laundered through mixing services, a method historically associated with Lazarus operations.

The breach occurred on November 27, coinciding with a high-profile merger announcement between Upbit’s parent company, Dunamu, and Korean tech giant Naver. Experts suggested the timing may have been deliberate to draw attention.
