The biggest crypto exchange in South Korea, Upbit, reportedly suffered a hack on November 27, resulting in the unauthorized withdrawal of 44.5 billion KRW, worth over $30 million, according to the Yonhap News Agency, cited by Reuters.
The main suspect behind the incident is reportedly Lazarus Group, a group of hackers affiliated with North Korea’s spy agency.
On November 28, the CEO of Dunamu, Upbit’s parent company, released an official statement about the incident, revealing what happened, Upbit’s measures, and prevention actions.
Dunamu CEO Releases Official Statement
Oh Kyung-seok, the CEO of Dunamu, released an official statement about the incident on November 28, shared on Upbit’s official website.
He apologized for the concerns caused to members due to the cyber intrusion incident.
Key details from his statement include the following:
- The incident occurred due to insufficient security management at Upbit.
- Upbit, an exchange that places user protection first, promises that no member assets will suffer any loss.
- The crypto exchange reported the cyber intrusion to authorities, and an investigation into the cause and scale of the damage is currently pending.
What Happened During the Incident?
The Dunamu CEO said that on November 27, Upbit detected abnormal withdrawals from the Solana-based wallet, and the exchange conducted a comprehensive inspection of the related networks and wallet systems.
During the investigation, Upbit discovered and addressed a security vulnerability that could allow attackers to infer private keys by analyzing multiple wallet transactions.
According to the exchange’s assessment:
- The total value of compromised assets is 44.5 billion KRW (worth over $30 million).
- Member assets affected account for approximately 38.6 billion KRW (worth over $26 million).
- Upbit successfully froze approximately 2.3 billion KRW (worth over $1.5 million).
- Company losses amount to approximately 5.9 billion KRW (worth over $4 million).
Upbit’s Actions Following the Event
Upbit’s actions following the incident include the following:
- Upbit reportedly suspended all crypto deposits and withdrawals.
- The exchange is tracking and freezing the crypto transferred outside Upbit.
- Upbit has also reportedly covered all member losses using its own funds.
- The crypto exchange is overhauling its wallet systems and will resume crypto deposits and withdrawals when stability is confirmed.
- Upbit activated a company-wide emergency response system, reviewing all aspects of security infrastructure related to the hack.
- The exchange will strengthen security measures and improve all systems.
As the Dunamu CEO highlighted, Upbit has worked diligently to protect member assets, but this incident reminded the team that no security system is perfect. The security framework will be enhanced to prevent future incidents.
Upbit will update the community once new details emerge.
South Korea’s Authorities Conduct an Ongoing Investigation
The latest reports from Yonhap revealed that, according to the ICT industry and local government authorities, an investigation is being conducted.
The publication reported that rather than a severe attack, it’s possible that the hackers stole an administrator account, or pretended to be an administrator in order to authorize fund transfers.
Lazarus Group – The Main Suspect
Final investigation results are still pending, but the security industry believes that the Lazarus Group is behind the incident, considering the MO involved in the hack:
- Assets were transferred to another exchange wallet.
- Transferred assets were then mixed (laundered).
A cybersecurity expert, cited by the publication, stated that such an MO is characteristic of Lazarus, and once mixing occurs, transactions become untraceable. The expert highlighted that countries that are part of the FATF (Financial Action Task Force) prohibit mixing, and this is another hint that North Korea is responsible for the hack.
South Korea has been a full member of FATF since 2009.
Also, the incident took place on November 27, the same day as a press briefing conference regarding the merger between Naver Financial and Dunamu (the parent company of Upbit). This strengthens suspicions of Lazarus’ involvement, as hackers often have a “strong desire to show off”, according to the security expert, cited by Yonhap.
