North Korea’s notorious cybercrime unit, Lazarus Group, is suspected of orchestrating a major cryptocurrency breach that drained roughly $30.6 million from South Korea’s largest exchange, Upbit. Key Takeaways: North Korea’s Lazarus Group is suspected of stealing about $30.6 million from Upbit. Upbit operator Dunamu said it will fully reimburse users and has halted transactions. Officials say the stolen funds were rapidly laundered through multiple wallets, a tactic Lazarus has used in past. Authorities are preparing to conduct an on-site inspection at the exchange, following signs that the attack may be tied to the same actors behind previous intrusions attributed to Lazarus, Yonhap News reported , citing government and industry sources. The group has previously been linked to crypto thefts aimed at generating revenue for Pyongyang amid persistent foreign currency shortages. Dunamu to Reimburse Users After $30M Solana-Linked Hack at Upbit Upbit’s operator, Dunamu, confirmed that Solana-linked assets worth 44.5 billion won were transferred to an unauthorized wallet on Thursday. The company said it will reimburse users in full using its own reserves and moved quickly to halt withdrawals and deposits as internal checks were launched. Investigators said the techniques used in the breach closely resembled the 2019 incident in which attackers allegedly stole 58 billion won in Ethereum from the same platform. Officials believe this time the hackers may have bypassed core infrastructure by impersonating administrators or compromising internal accounts to authorize the withdrawal. Security officials said the funds were swiftly moved through wallets associated with other platforms, indicating an attempt to obscure transaction trails through laundering tactics that Lazarus has used in past operations. “It is their standard approach to scatter tokens across multiple networks to break tracking,” one official said. today south korea blamed north korea for the upbit hack nice headline but that part came later so what actually happened? an unknown attacker drained a few of upbit’s hot wallets waited a bit then started moving funds across chains at some point the hacker bridged usdc from… pic.twitter.com/swq8yjIOLR — trix (@trixwtb) November 28, 2025 Analysts noted that Lazarus has repeatedly targeted high-profile crypto platforms to maximize impact and exposure, suggesting the attack may have been deliberately staged to exploit heightened public attention. Earlier this month, South Korea said it may reconsider its sanctions approach toward North Korea after new US measures connected Pyongyang’s crypto theft operations to the funding of its weapons programs. Second Vice Foreign Minister Kim Ji-na said Seoul could “review sanctions as a measure if they are really needed,” stressing close coordination with Washington to counter North Korea’s growing cyber and digital threats. “In cases of cryptocurrency theft by Pyongyang, coordination between South Korea and the US is important, as it can be used to fund North Korea’s nuclear and missile programs and pose a threat to our digital ecosystem,” Kim stated. Naver Announces Plan to Acquire Dunamu The breach came a day after Naver announced a plan to acquire Dunamu via a share-swap deal through its finance arm, putting the exchange in the national spotlight. Meanwhile, Naver Financial, the fintech arm of South Korean internet giant Naver, is preparing to roll out a stablecoin wallet in Busan as part of the city’s ongoing push to build a blockchain-powered local economy. Naver has reportedly finished development of the wallet, which is now undergoing final checks before its scheduled launch next month. The project is being built in partnership with venture capital firm Hashed and the Busan Digital Asset Exchange (BDAN), the entity behind Busan’s broader digital asset strategy. The post North Korea’s Lazarus Group Linked to $30M Hack at South Korean Exchange Upbit appeared first on Cryptonews .
