Seoul, South Korea – South Korean government and business sources reported on Friday that the North Korean hacking group “Lazarus” is suspected of involvement in a recent hacking operation targeting South Korea’s largest cryptocurrency exchange, “Upbit”. The value of the stolen assets is estimated at around 45 billion Korean won (equivalent to 30.6 million US dollars).
South Korean authorities are planning an immediate on-site investigation into the cryptocurrency exchange, amid increasing belief that “Lazarus” is behind the incident.
Details of the breach and its modus operandi
Dunamu, which operates the Upbit exchange, confirmed on Thursday that it had verified the transfer of Solana cryptocurrency assets worth 44.5 billion won to an unauthorized wallet address. The company announced that it would fully cover the stolen amount using its own assets to ensure that users were not harmed.
Authorities indicated that the methods used in this incident were very similar to those used in a previous theft targeting Upbit in 2019, in which the group is suspected of having stolen 58 billion won worth of Ethereum.
A government official was quoted as saying: “Instead of attacking the server, it is likely that the hackers breached the accounts of officials or impersonated officials to carry out the transfer,” according to Yonhap News Agency.
Money laundering tactics and their connection to foreign currency collection
Security experts link the incident to Pyongyang’s ongoing efforts to raise foreign currency, especially given the shortages it faces.
A security official explained that the methods used are typical tactics of “Lazarus”: they transfer the stolen cryptocurrency to wallets on other exchanges and attempt to launder the money. This makes tracking the transaction virtually impossible.
Timing of the attack
Others suggested that the hackers may have deliberately chosen Thursday to launch the attack. This came just one day after Naver, the operator of South Korea’s largest search engine, announced its decision to acquire Dunamu as a wholly owned subsidiary of its company Naver Financial through a share swap deal.
A security official said: Hackers have a strong tendency to make themselves known. This suggests that they may have taken advantage of the media attention surrounding the acquisition deal.


