
According to Yonhap News Agency, Upbit, a major virtual asset exchange in South Korea, suffered a large-scale hacking attack. Preliminary statistics indicate that the stolen virtual assets are worth as much as 44.5 billion KRW (equivalent to tens of millions of USD). This is another major security breach at the exchange, following one in 2019. South Korea's ICT industry and the relevant government departments are urgently conducting an investigation, with suspicion focusing on the Lazarus Group, a long-active hacker group with a complex background that operates under North Korea's Reconnaissance General Bureau.
Lazarus Group: A "Repeat Offender" Repeatedly Involved in Global Cyberattacks
As a primary cyber operations unit of North Korea, the Lazarus Group has long been regarded by multiple national cybersecurity agencies as a significant threat to the global financial system, particularly the cryptocurrency sector. The group is not only highly skilled in technical methods but also operates covertly, having been accused of involvement in numerous transnational cyberattacks and virtual currency theft cases. It is worth noting that this is not the first time the Lazarus Group has targeted Upbit. As early as 2019, the exchange was infiltrated by them, resulting in the loss of Ethereum worth approximately 58 billion KRW. The methods used in this incident are extremely similar to those used six years ago, further strengthening suspicions that the Lazarus Group is responsible again.
Attack Method Analysis: Possibly Account Theft and Social Engineering Attacks
According to sources from the South Korean government, preliminary investigations suggest that it is unlikely this attack was carried out by directly breaching the exchange's core servers. Instead, it is more probable that the hackers stole administrator account credentials or used social engineering tactics to impersonate internal administrators, thereby bypassing security protections to illegally authorize and execute large fund transfers. This method of attack is not only highly covert but also often difficult to detect promptly by conventional security systems. The source further stated, "Based on existing clues, the attack six years ago employed similar methods, leading us to highly suspect that this incident is the work of the same attackers."
South Korean Authorities' Response Measures and On-site Inspection
Following the incident, relevant South Korean departments responded swiftly and have initiated a comprehensive on-site inspection of Upbit. The aim is to conduct an in-depth analysis of system logs, trace fund flows, identify security vulnerabilities, and assess the exchange's overall security protection system. This inspection is not only to determine the specific details of this attack but also to strengthen the security baseline for South Korea's virtual asset trading platforms in the future and prevent similar incidents from recurring.
Impact and Warning: Virtual Asset Security Alarm Sounds Again
Upbit suffering another major hacking attack has not only caused significant financial losses but also impacted user confidence and industry reputation. This incident further highlights the vulnerabilities of virtual asset trading platforms in areas such as account management, internal permission controls, and protection against social engineering attacks. As the cryptocurrency market continues to develop, hackers' attack methods are also constantly evolving. How to build a more comprehensive, multi-layered security defense mechanism has become an urgent issue for global trading platforms and regulators to address.
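The attack method described above (a stolen or impersonated administrator account authorizing large transfers on its own) and the weaknesses named in this section (account management and internal permission controls) both point at the same control: no single administrator session should be able to move a large amount of funds. The example below is added here and is not code from Upbit or from the article; it implements a two-person authorization policy for large withdrawals and a small detector that scans constructed approval logs for large transfers executed with fewer than two distinct approvers. The thresholds, account names, destinations and log format are all assumptions made for illustration.

```python
"""
Two-person authorization for large withdrawals, plus a log-based detector
for the failure mode in the article: one compromised admin account approving
and executing a large transfer by itself.
All thresholds, account names and log lines below are constructed examples.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

LARGE_WITHDRAWAL_KRW = 1_000_000_000   # assumed policy threshold: 1 billion KRW
REQUIRED_APPROVERS = 2                 # distinct admins needed above the threshold
MAX_MFA_AGE = timedelta(minutes=10)    # each approval needs a fresh step-up MFA


@dataclass
class Approval:
    admin: str                 # hypothetical admin account name
    mfa_verified_at: datetime  # when this admin last passed step-up MFA


@dataclass
class WithdrawalRequest:
    request_id: str
    requested_by: str
    amount_krw: int
    destination: str
    approvals: list = field(default_factory=list)


class PolicyViolation(Exception):
    """Raised when a withdrawal does not satisfy the authorization policy."""


def authorize_withdrawal(req, now, allowlisted_destinations):
    """Return True if the request may execute; raise PolicyViolation otherwise."""
    if req.amount_krw < LARGE_WITHDRAWAL_KRW:
        return True  # small transfers follow the normal path (not modelled here)
    if req.destination not in allowlisted_destinations:
        raise PolicyViolation("large withdrawal to non-allowlisted destination")
    approvers = {a.admin for a in req.approvals}     # de-duplicate by account
    if req.requested_by in approvers:
        raise PolicyViolation("requester cannot approve own request")
    if len(approvers) < REQUIRED_APPROVERS:
        raise PolicyViolation(
            f"need {REQUIRED_APPROVERS} distinct approvers, got {len(approvers)}")
    for a in req.approvals:
        if now - a.mfa_verified_at > MAX_MFA_AGE:
            raise PolicyViolation(f"stale MFA for approver {a.admin}")
    return True


# Constructed approval/execution log in an assumed key=value format.
SAMPLE_LOG = """\
2025-11-27T04:12:09Z action=withdraw_approve admin=ops_kim request=W-1001 amount_krw=1500000000
2025-11-27T04:13:40Z action=withdraw_approve admin=ops_lee request=W-1001 amount_krw=1500000000
2025-11-27T04:14:02Z action=withdraw_execute admin=system request=W-1001 amount_krw=1500000000
2025-11-27T04:20:11Z action=withdraw_approve admin=ops_kim request=W-1002 amount_krw=44500000000
2025-11-27T04:20:15Z action=withdraw_approve admin=ops_kim request=W-1002 amount_krw=44500000000
2025-11-27T04:20:30Z action=withdraw_execute admin=system request=W-1002 amount_krw=44500000000
2025-11-27T04:25:00Z action=withdraw_approve admin=ops_lee request=W-1003 amount_krw=3000000
2025-11-27T04:25:09Z action=withdraw_execute admin=system request=W-1003 amount_krw=3000000
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) admin=(?P<admin>\S+) "
    r"request=(?P<req>\S+) amount_krw=(?P<amt>\d+)$")


def find_single_approver_executions(log_text):
    """Return ids of executed large withdrawals approved by < REQUIRED_APPROVERS
    distinct admins. Two approvals from the same account count as one."""
    approvers, amounts, executed = {}, {}, []
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the expected format
        req = m["req"]
        amounts[req] = int(m["amt"])
        if m["action"] == "withdraw_approve":
            approvers.setdefault(req, set()).add(m["admin"])
        elif m["action"] == "withdraw_execute":
            executed.append(req)
    return [req for req in executed
            if amounts[req] >= LARGE_WITHDRAWAL_KRW
            and len(approvers.get(req, set())) < REQUIRED_APPROVERS]


def run_policy_checks():
    """Constructed scenarios; returns True or the violation text per case."""
    now = datetime(2025, 11, 27, 4, 30)
    allow = {"cold-wallet-A"}
    fresh, stale = now - timedelta(minutes=1), now - timedelta(hours=3)

    def outcome(req):
        try:
            return authorize_withdrawal(req, now, allow)
        except PolicyViolation as e:
            return str(e)

    big = 2_000_000_000
    return {
        "two_distinct_admins": outcome(WithdrawalRequest("W-1", "ops_park", big, "cold-wallet-A",
                                  [Approval("ops_kim", fresh), Approval("ops_lee", fresh)])),
        "one_admin_approving_twice": outcome(WithdrawalRequest("W-2", "ops_park", big, "cold-wallet-A",
                                  [Approval("ops_kim", fresh), Approval("ops_kim", fresh)])),
        "requester_self_approves": outcome(WithdrawalRequest("W-3", "ops_kim", big, "cold-wallet-A",
                                  [Approval("ops_kim", fresh), Approval("ops_lee", fresh)])),
        "stale_mfa": outcome(WithdrawalRequest("W-4", "ops_park", big, "cold-wallet-A",
                                  [Approval("ops_kim", fresh), Approval("ops_lee", stale)])),
        "unknown_destination": outcome(WithdrawalRequest("W-5", "ops_park", big, "attacker-addr",
                                  [Approval("ops_kim", fresh), Approval("ops_lee", fresh)])),
        "small_transfer": outcome(WithdrawalRequest("W-6", "ops_park", 5_000_000, "cold-wallet-A", [])),
    }


if __name__ == "__main__":
    for name, result in run_policy_checks().items():
        print(f"{name}: {result}")
    print("flagged executions:", find_single_approver_executions(SAMPLE_LOG))
```

The policy deliberately counts approvers by distinct account rather than by number of approval clicks, and it rejects approvals whose step-up MFA is older than a few minutes: a stolen credential or a hijacked session can produce many approvals, but it cannot by itself produce a second independent administrator or a fresh second factor. The detector applies the same rule retrospectively to logs, which is how the single-admin execution of W-1002 in the constructed sample stands out while W-1001 (two admins) and W-1003 (below the threshold) do not.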
If this incident is ultimately confirmed to be the work of the Lazarus Group, it will not only intensify cybersecurity tensions on the Korean Peninsula but also once again draw widespread international attention and condemnation towards North Korea's use of cyber attacks to obtain funds. South Korean authorities stated that they will continue to share intelligence with international partners, conduct thorough investigations, and take all necessary measures to safeguard national cybersecurity and financial stability.
