Officials accuse North Korea’s Lazarus of $30 million theft from crypto exchange

Summary

South Korean officials say a suspected North Korean state-backed hacking group, Lazarus, is likely behind an attack that saw about $30 million stolen from Upbit, South Korea’s largest cryptocurrency exchange. Investigators point to techniques used to impersonate administrators and the laundering patterns of the funds as indicators linking the theft to Lazarus.

Upbit labelled the incident an “abnormal withdrawal”, has suspended deposits and withdrawals, and says it will cover the losses. The company moved assets into cold wallets and is tracking some stolen funds in an effort to freeze them. Officials noted similarities with a 2019 Upbit heist also attributed to Lazarus.

Key Points

  • About $30 million was taken from Upbit through what the company calls an “abnormal withdrawal.”
  • South Korean investigators suspect the Lazarus Group, a North Korean state-linked hacking organisation, based on attack techniques and laundering methods.
  • Upbit has suspended deposits and withdrawals, moved assets to cold wallets and committed to covering customer losses.
  • Some stolen funds have been tracked to another wallet; authorities and the exchange are attempting to freeze assets.
  • The incident echoes a 2019 Upbit theft and follows a string of high-value crypto heists tied to Lazarus, which blockchain monitoring firms say have netted North Korea large sums over recent years.

Context and relevance

The suspected involvement of Lazarus links this theft to a broader, well-documented campaign of state‑backed crypto thefts that have funded North Korea’s programmes. For exchanges, custodians and regulators, it underscores ongoing vulnerabilities in platform security and the persistent risk of sophisticated, nation‑level actors exploiting crypto infrastructure.

This attack also comes immediately after Naver’s reported purchase of Upbit’s parent company Dunamu, which adds commercial and regulatory implications as ownership and oversight change hands.

Why should I read this

Because this isn’t just another crypto heist — it’s a likely state‑backed job hitting a major exchange. If you work with digital assets, handle exchange risk, or follow geopolitical cyber activity, the tactics, response and fallout here matter. We’ve pulled the essentials so you don’t have to wade through the full thread of technical and regulatory detail.

Source

Source: https://therecord.media/officials-accuse-north-korea-hackers-of-attack-on-crypto-exchange