Upbit hack raises fresh security concerns in crypto

South Korea’s largest cryptocurrency exchange, Upbit, suffered a hack that resulted in the theft of digital assets worth 44.5 billion won. The breach occurred on November 27, exactly six years after roughly 58 billion won in digital assets were stolen in a 2019 hacking attack linked to North Korea’s Reconnaissance General Bureau. The incident came one day after Dunamu, Upbit’s operator, formally announced its merger with Naver Financial, a subsidiary of Naver.

Upbit said it discovered around 4:42 a.m. on November 27 that digital assets worth approximately 44.5 billion won on the Solana network had been transferred to an unidentified wallet not designated by the exchange. The stolen assets included 24 types of digital currencies, including Solana. Upbit said it immediately suspended deposits and withdrawals after detecting the unusual transactions and began a thorough investigation to protect customer assets.

The company also reported the incident to the Korea Internet and Security Agency and the Financial Supervisory Service. Upbit CEO Oh Kyung-seok said, “We will cover all losses with Upbit’s own assets to ensure that no damage occurs to our members’ funds.” Under the Act on the Protection of Cryptocurrency Users, Upbit’s reserve for potential hacking and system failures amounted to 67 billion won as of the end of September.

Upbit was previously hacked on the same date six years earlier, on November 27, 2019, when more than 342,000 Ethereum coins, valued at 58 billion won at the time, were stolen. Investigators concluded that the attack was carried out by Lazarus and Andariel, hacking groups linked to North Korea’s Reconnaissance General Bureau. At that time, Upbit also covered the full loss using corporate assets, preventing any customer losses.

Experts expressed concern that a similar incident occurred again on the same date, saying it underscores persistent security vulnerabilities. “This shows that security loopholes still exist,” an attorney specializing in cryptocurrency said. “Upbit may also deserve criticism for late notification because users might have delayed withdrawing their assets.”

Even so, the incident is expected to have a limited impact on the market. “This incident will likely prompt a comprehensive review of internal control systems at cryptocurrency exchanges in South Korea," said” Oh Ki-seok, head of business at asset management firm Lexshares Asia. “However, the scale of the hack is not large enough to significantly affect the market.”

The Cyber Terror Investigations Unit of the National Office of Investigation at the Korean National Police Agency has launched a preliminary inquiry to verify the facts surrounding the Upbit hacking incident. Police confirmed the breach through media reports and conducted an on-site investigation of Dunamu, the operator of the exchange.


이호 number2@donga.com