South Korea investigates suspected North Korean role in 44.5 billion won Upbit crypto hack

South Korean authorities are examining the recent breach at cryptocurrency exchange Upbit amid suspicions that a North Korean hacking unit may have been involved in the unauthorised withdrawal of 44.5 billion won worth of digital assets.

Yonhap News Agency reported that investigators are looking closely at indicators that point to the Lazarus Group, a hacking outfit linked to North Korea’s intelligence agency. The group has been tied to several high-value crypto thefts in recent years and is considered one of the most sophisticated cyber threats globally. The U.S. Federal Bureau of Investigation has previously described North Korea’s cyber operations as “one of the most advanced persistent threats.”

The latest attack, described by Upbit as “an abnormal withdrawal”, bears similarities to the 58 billion won crypto heist of 2019 that was attributed to Lazarus, according to an unnamed government official cited by Yonhap.

An official from the National Police Agency’s cyber crime team confirmed that an investigation is underway but declined to share further details. The National Intelligence Service was not available for comment.

Dunamu, the operator of Upbit, said, “We are currently investigating the cause and scale of the asset outflow.”

The incident took place only hours before South Korean internet conglomerate Naver announced its agreement to acquire Dunamu. Upbit remains the country’s largest cryptocurrency exchange.