Upbit’s $32 Million Security Breach: Lazarus Group Suspected in Major Crypto Exchange Hack
South Korean cryptocurrency exchange Upbit faces a staggering $32 million security breach, with the notorious Lazarus Group emerging as the prime suspect.
The Digital Heist Unfolds
Upbit joins a growing list of crypto exchanges targeted by sophisticated hacking operations. The $32 million theft represents one of 2025's most significant security breaches in the digital asset space.
Lazarus Strikes Again
The North Korean hacking collective Lazarus Group is suspected of being behind the coordinated attack. Known for previous high-profile crypto thefts, the group continues exploiting security vulnerabilities across global exchanges.
Market Impact Assessment
Despite the breach, crypto markets demonstrate resilience—proving once again that digital assets move faster than traditional finance's paper-shuffling bureaucracy. The incident highlights ongoing security challenges while showcasing cryptocurrency's inherent robustness against isolated shocks.
Security remains paramount, but the ecosystem's ability to absorb such blows separates crypto from legacy systems that crumble under far smaller pressures.
South Korean cryptocurrency exchange Upbit suffered a theft of approximately 44.5 billion won ($32 million) in Solana-based assets, with authorities investigating whether North Korea's Lazarus Group orchestrated the attack, according to Yonhap News Agency.
The breach occurred early Wednesday morning at 4:42 a.m. local time when assets were transferred from a hot wallet to an unidentified external address. The incident occurred exactly six years to the day after Upbit's 2019 hack, when 342,000 ETH worth $50 million at the time was stolen in an attack later attributed to Lazarus and Andariel, North Korean state-linked hacking groups.
Upbit immediately suspended all deposit and withdrawal services for Solana network assets and moved remaining funds to cold storage. The exchange froze approximately 2.3 billion won worth of Solayer (LAYER) tokens and is working with token projects and institutions to freeze additional assets.
Over 20 tokens were affected, including SOL, USDC, BONK, Jupiter (JUP), Raydium (RAY), Render (RENDER), Orca (ORCA), Pyth Network (PYTH), Magic Eden (ME), Official Trump (TRUMP), and various memecoins including Moo Deng (MOODENG) and cat in a dogs world (MEW).
"We have identified the exact amount of digital assets that were leaked, and we will fully cover the loss with Upbit's own assets so that customers are not affected in any way," Oh Kyung-seok, CEO of Dunamu, which operates Upbit, said in a statement.
Authorities are planning an on-site investigation at the exchange, with government sources indicating they believe Lazarus was behind the attack. The group has previously targeted crypto platforms to fund North Korean regime activities.
The breach occurred the same day Dunamu announced plans to merge with Naver Financial and invest 10 trillion won over five years to develop AI and Web3 technology infrastructure in South Korea.
Upbit revised its initial loss estimate from 54 billion won to 44.5 billion won after adjusting for market prices at the time of the unauthorized withdrawal. The company confirmed the breach originated from its hot wallet, while its cold wallet storage remained secure.
The exchange said it is conducting a comprehensive security review of its entire digital asset deposit and withdrawal system and will resume services sequentially once safety is confirmed. Upbit is cooperating with investigative authorities and tracking the stolen assets through blockchain analysis.
In the 2019 attack, investigators concluded that more than half the stolen ETH was laundered through exchange accounts created with false identities, using methods typical of the Lazarus Group including wallet hopping and mixing techniques.