History of Thefts on South Korean Crypto Platforms: Upbit Once Lost 342,000 ETH to North Korean Hackers, Bithumb Hacked Four Times with Recurring Vulnerabilities

South Korea, as one of the world's most active cryptocurrency trading markets, has seen its trading platforms repeatedly become prime targets for hacker attacks. Among them, the two most representative exchanges—Upbit and Bithumb—have both experienced multiple serious security incidents, resulting not only in massive asset losses but also raising widespread doubts about South Korea's crypto asset regulation and platform security systems.

The first to bear the brunt was Upbit, South Korea's largest crypto trading platform. As early as November 27, 2019, the platform suffered a hot wallet breach, with a staggering 342,000 Ethereum (ETH) transferred to unknown addresses, valued at approximately $50 million at the time. Multiple investigations pointed to the North Korean-backed hacker group Lazarus Group as the perpetrator. Following the incident, Upbit quickly activated its crisis response mechanism, announced full compensation for user losses using its own funds, and suspended platform trading for two weeks. Subsequently, the platform significantly increased its cold wallet asset storage ratio to 70%, attempting to enhance system protection at the technical architecture level.

However, these security enhancements did not completely eliminate risks. In the early hours of November 27 this year, Upbit again detected abnormal withdrawal activities, resulting in the theft of approximately 54 billion Korean Won (around $36 million) worth of digital assets related to the Solana network, involving various tokens such as 2Z, ACS, BONK, DOOD, TRUMP, USDC, and W. The platform immediately suspended deposit and withdrawal services for the affected networks and reiterated that it would cover all customer losses. Notably, just one day before the attack, South Korea's largest media group, Naver, announced the acquisition of Upbit's parent company, Dunamu, in an all-stock transaction valued at $10.3 billion. This coincidence in timing introduces new uncertainties regarding the platform's future governance structure and corporate security strategy.

Compared to Upbit, the security vulnerability history of South Korea's second-largest trading platform, Bithumb, is even more checkered. Since 2017, the platform has suffered at least four major hacker intrusions. In February 2017, attackers stole user data and pilfered approximately $7 million in assets by compromising an employee's computer, subsequently using the leaked information to launch phishing attacks, causing cascading losses. In June of the same year, the platform again suffered a breach of internal computers, leading to the exposure of personal information of 31,000 users and subsequent fund theft of about $1 million.

On June 20, 2018, Bithumb's hot wallet was breached again, losing approximately $32 million in assets, with the Lazarus Group also blamed as the mastermind behind the attack. Post-incident, the platform suspended trading and moved assets to cold storage, ultimately compensating users for half the losses and successfully recovering the other half. However, the security vulnerabilities did not end there. On March 29, 2019, Bithumb experienced another abnormal hot wallet withdrawal incident, with large amounts of EOS and XRP transferred out, resulting in losses of around $19 million. Due to suspicions of internal collusion in this event, South Korean police launched an investigation, and the platform ultimately fully compensated the affected users.

This series of security incidents not only exposes systemic weaknesses in hot wallet management, internal access controls, and employee security awareness within South Korean crypto trading platforms but also highlights the persistent threat posed by state-level hacker groups to the digital asset领域. Although both Upbit and Bithumb demonstrated a strong willingness to compensate users after the incidents, the frequent security breaches continue to erode investor confidence. As cryptocurrency gradually integrates into the mainstream financial system, building more robust technical defenses, improving internal risk control mechanisms, and promoting the establishment of industry-wide security standards have become urgent core issues for digital asset trading platforms in South Korea and globally.

News

Category

Latest Post

A-shares experienced a surge in the afternoon, with the ChiNext Artificial Intelligence ETF Hua Xia (159381) rising over 1%. The 800 billion yuan blue ocean of AI infrastructure is driving a revaluation of the industrial chain

Gold prices staged a strong rebound in the afternoon, reclaiming the $4,250 mark, with market focus on tonight's PCE price index

A-Share “Whistleblower” Suddenly Releases Major Positive News! Non-Bank Financial Sector Surges Collectively, Bank of China Securities Hits Limit Up

Hong Kong Stock Connect Technology ETF (513020) sees net inflows of over 200 million yuan in the past 10 days, with market focus on the long-term logic of the technology sector

U.S. Computer Hardware Stocks Soar, SanDisk Surges Nearly 10%, ATRenew Gains Nearly 9%, Over 100,000 Cryptocurrency Traders Liquidated

Deepening South-South Technological Cooperation, Building a Sustainable Future Together: AETDEW and AB Charity Foundation Sign Strategic Cooperation Memorandum

The emerging decentralized AI computing power network, DeepNode, announces the completion of a $5 million phased financing round, advancing distributed computing evolution with a two-tier valuation structure

Polymarket is actively building an internal market-making team to enhance platform trading liquidity and competitiveness

Digital Asset Holdings, a Blockchain Company Focused on the Financial Sector, Completes a New $50 Million Funding Round

Base and Solana Asset Bridge Officially Launches: A Key Step in Cross-Chain Ecosystem Integration

Quick Links

language