South Korea’s largest cryptocurrency exchange, Upbit, halted deposits and withdrawals on Thursday after detecting unusual activity involving Solana tokens. The exchange later confirmed that a hot wallet had been compromised, resulting in the unauthorized withdrawal of approximately 54 billion Korean won (around $36–$37 million). This marks Upbit’s second major hot wallet breach in six years.
Authorities are investigating the breach and are reportedly considering the North Korea-linked Lazarus Group as a potential culprit. Investigators suspect the attack may have involved hijacked or impersonated admin credentials, mirroring tactics used by Lazarus in Upbit’s 2019 hack. Analysts also noted that stolen funds may have been laundered via mixing services, a method previously associated with the group.
The incident occurred on November 27, coinciding with a major merger announcement between Upbit’s parent company, Dunamu, and Korean tech giant Naver. A security expert suggested the date may have been chosen deliberately to draw attention.
