Main article: Cryptocurrency exchanges
History
2025
Hackers breached Upbit and stole $37m from its customers
On November 27, 2025, the South Korean cryptocurrency exchange Upbit was forced to suspend withdrawals in connection with a hacker attack. The attackers managed to steal assets, including stablecoins, worth about $37 million.
According to some reports, during the attack cybercriminals compromised Upbit administrator accounts to authorize withdrawals. The stolen SOL tokens were converted into USDC stablecoins, which were then exchanged for Ethereum. One of the unauthorized transactions, worth approximately $8 million, was frozen.
An employee of the cybercrime investigation department of the National Police Agency of South Korea said that an investigation into the intrusion has been launched. No details about the incident were disclosed. Dunamu, the operator of Upbit, apologized for the inconvenience and promised to fully reimburse the affected users.
"We are currently investigating the causes and extent of the outflow of assets," a Dunamu spokesman said.
Meanwhile, South Korea suspects that the Lazarus Group, a cybercriminal group associated with North Korea, may be behind this incident. The hacking methods are similar to those used in the 2019 attack on Upbit, when the crypto exchange suffered losses of about $50 million. According to reports, the Lazarus Group is behind many malicious campaigns, including cyber espionage, cyber sabotage, ransomware attacks and financial malware. Initially, the group's activities were associated with geopolitical factors, mainly in South Korea.
The Upbit hack came shortly after Naver Financial, a unit of South Korea's largest internet portal Naver, agreed to acquire Dunamu for $10.3 billion.[1]
Closure due to money laundering
On January 16, 2025, the Financial Intelligence Unit (FIU) of the Financial Services Commission of South Korea ordered the country's largest crypto exchange, Upbit, to stop operations. The reason was non-compliance with anti-money laundering requirements.
Reportedly, in November 2024 the FIU conducted an audit of the crypto exchange that was required to renew the company's license. The regulator identified about 700 thousand cases in which Upbit failed to properly implement Know Your Client (KYC) procedures, which are critical to preventing money laundering and other financial crimes.
Upbit, which accounts for more than 70% of the domestic market, is to provide FIU with explanations and comments. After that, the regulator will make a final decision on fines and sanctions against the crypto exchange. If the ban is approved, Upbit will lose the ability to attract new customers for up to six months. In addition, certain restrictions on customer withdrawals may be imposed.
Under the legislation in force in South Korea, a fine of up to 100 million won (about $68.6 thousand at the exchange rate as of January 17, 2025) can be imposed on the company for each violation. Thus, if all 700 thousand identified violations are taken into account, the total penalty could reach $48 billion.
It is noted that the actions of the FIU are part of a broader effort to ensure compliance with the rules for combating money laundering and the financing of terrorism. The law obliges financial institutions, including virtual asset exchanges, to implement strict KYC procedures. In general, the regulatory environment in South Korea is gradually tightening, due to the desire to ensure transparency, protect investors and prevent illegal activities in the cryptocurrency market.[2]
2019: Hacker attack and theft of over $1 billion
On November 21, 2024, the National Directorate of Investigation of South Korea reported that North Korean hackers were behind the hacking of the local cryptocurrency exchange Upbit. Damage from the cyber attack as of this date is estimated at more than $1 billion.
The attack itself took place back in 2019. At that time the attackers managed to steal 342 thousand Ethereum (ETH), which at the time of the hack was equivalent to about $50 million. At prices as of November 22, 2024, the value of these assets in ETH is $1,141,531,481.
For several years, as noted, it was not clear who exactly carried out the attack on Upbit. But a long investigation conducted by South Korean specialists with the support of the FBI and the Swiss authorities made it possible to get on the trail of the cybercriminals. It is alleged that the hacking of the Upbit crypto exchange was carried out by hackers from the Lazarus and Andariel groups, which are associated with North Korea. The attackers used advanced methods to carefully plan and carry out the attack. The analysis of suspicious cryptocurrency transactions, tracked IP addresses and identified patterns directly indicates that the hack was carried out by North Korean criminals, it was stated.
After the intrusion and theft of funds, the hackers used complex laundering methods, which makes it almost impossible to return the stolen assets. Roughly 57% of the stolen Ethereum cryptocurrency was found to have been sold on black market platforms, some of which are reportedly linked to North Korea. The remaining funds, as noted by the Coinpedia.org resource, were redirected through 51 foreign exchanges. To further complicate asset tracking, the cybercriminals converted part of the Ethereum to Bitcoin, often at low prices.[3]


