The popular South Korean cryptocurrency exchange Upbit fell victim to a significant breach. Over $50 million in Ethereum was reportedly stolen, and a notorious North Korean hacking group is suspected.
One of South Korea’s most prominent cryptocurrency exchanges, Upbit, recently experienced a serious security breach. According to reports, over $50 million in Ethereum (ETH) was stolen from the exchange’s hot wallet. There is speculation that the notorious hacking group known as ‘Lazarus’, originating from North Korea, may be responsible.
Upbit Hack – A Detailed Account
On November 27, 2019, the Seoul-based cryptocurrency exchange reported the theft of 342,000 Ether, equivalent to around $50 million at the time. The unexpected and unusually large transaction moved funds from the exchange’s hot wallet to an unknown wallet. On noticing the unusual activity, Upbit promptly halted all deposits and withdrawals as a safety precaution.
In an official statement, Upbit’s CEO, Mr. Lee Seok-woo, confirmed the breach and asserted the transfer was not a mistake or an internal operation but indeed a hack. He reassured users that their assets would be protected and all stolen funds would be covered by the company’s reserves. He also mentioned it would take approximately two weeks for the services to be fully resumed.
South Korean Police Investigation
The South Korean police launched an investigation into the matter soon after the incident. Authorities suspect the involvement of the infamous Lazarus hacking group. The group, attributed to North Korea, is notorious for hacks and cyberattacks around the world, particularly against cryptocurrency exchanges and banks.
Following the incident, the South Korean police’s Cyber Bureau, together with the nation’s internet security agency, began the probe. Early analysis suggests that the criminals may have gained access to the company’s private keys. However, the exact method of intrusion remains unclear.
About Lazarus Group
The Lazarus Group, also known as Hidden Cobra, is a cybercrime group that has been associated with a series of high-profile attacks worldwide, including the infamous 2014 Sony Pictures hack, and the worldwide WannaCry ransomware attack in 2017.
Attribution to North Korea is based on the group’s use of a specific piece of malware dubbed ‘Manuscrypt,’ which is believed to have been developed and used exclusively by North Korean hackers. The group has been particularly active in targeting South Korean institutions, causing significant damage and theft of digital assets.
The Broader Impact
The Upbit hack has sent a shockwave through the South Korean cryptocurrency industry, highlighting the risks and challenges associated with safeguarding digital assets. It also underlines the importance of strengthening security measures and implementing robust infrastructure to protect against such sophisticated cyber threats.
Upbit’s swift response and assurance to its users in the aftermath of the incident have been lauded in the industry. It is hoped that the exchange’s prompt actions and the ongoing investigation will help to alleviate some of the potential damage while bringing the criminals to justice.