A technical analysis of the latest attack on Upbit, one of South Korea’s largest cryptocurrency exchanges, shows that the incident is considerably more complex than a typical hack.
In a report detailing the attack, cybersecurity firm GoPlus noted that the hot wallet breach involved vulnerabilities in both key management and internal network security. While Upbit confirmed that its cold wallets remain secure, the nature of the attack suggests the possibility of a sophisticated and long-lasting compromise.
One notable aspect of this incident is that it was an “anniversary attack”: its date coincides with that of a $50 million hack of Upbit in 2019. Furthermore, the attack was launched just hours after Dunamu and Naver’s big merger announcement, suggesting deliberate timing.
GoPlus also stated that the attack was consistent with typical Lazarus Group methodology. The speed, method of operation, and symbolic timing are consistent with known tactics of advanced persistent threat (APT) groups associated with North Korea. The methods used to launder the stolen assets are also noteworthy. The attackers reportedly used multiple decentralized exchanges (DEXs) to complicate tracing, and 2,200 SOL was transferred to Binance. These techniques suggest specialized money laundering processes designed to evade regulation.
Upbit previously announced that assets worth approximately 54 billion won were stolen from the Solana network as a result of the attack. South Korean authorities strongly suspect that the North Korean hacker group Lazarus was involved in this attack.
*This is not investment advice.


