Upbit issued an update regarding the recent hack, acknowledging that gaps in its security processes contributed to the incident. The company takes full responsibility and states that “there is no room for excuses”.

In brief
- Upbit admitted that flaws in its own wallet system played a role in the security breach, taking full responsibility.
- The exchange assures that the problem has now been fully corrected.
- Authorities suspect the North Korean hacker group Lazarus, noting methods similar to those used in a 2019 incident.
Upbit detects weakness in wallet system
In its latest communication, Upbit indicates that during the investigation into the theft of $30 million discovered on November 27, its team examined a large set of transactions from the platform's wallets. It was during this analysis that a flaw allowing private keys to be deduced was identified.
Although the vulnerability has now been fixed, the exchange specifies that it was only detected through an in-depth technical review, launched after observing unusual withdrawals from wallets linked to Solana.
“We analyzed numerous Upbit wallet transactions made public on the blockchain and identified a security flaw that allowed us to derive private keys, a type of password that provides access to wallet addresses and assets. This vulnerability has since been fixed.”
Oh Kyung-seok, CEO of Dunamu
To prevent further damage, Upbit suspended all deposits and withdrawals, and immediately began tracking and freezing assets transferred off-platform. Services will only resume once the exchange is certain of the complete stability of its system.
Impact on assets and repayment
According to Upbit, the breach involved the equivalent of 44.5 billion won ($30 million). Of this sum, 38.6 billion won ($26 million) belonged to customers, of which approximately 2.3 billion won ($1.5 million) may have been frozen. The remaining 5.9 billion won was the exchange's own equity. Upbit says it has already fully refunded all affected customers using its own reserves.
Earlier Tremplin.io coverage noted that the intrusion originated from an Upbit hot wallet, while the cold wallet remained intact. The suspicious activity was detected at 4:42 a.m. and involved several tokens from the Solana ecosystem: Solana (SOL), Jupiter (JUP), Magic Eden (NFT), USDC, as well as other associated assets.
Upbit breach linked to Lazarus
Upbit has initiated company-wide emergency procedures and is reassessing its entire security infrastructure. The platform reiterates that the protection of customer funds remains its top priority, while emphasizing that this incident illustrates the permanent vulnerability of platforms to sophisticated threats.
Furthermore, the Yonhap News agency reports, citing government and sector sources, that the North Korean group Lazarus is linked to the attack. Authorities are now planning an on-site inspection to investigate further. Lazarus was already suspected in a previous hack targeting Upbit in 2019, during which 58 billion won worth of Ethereum was stolen; investigators note that the techniques used bear strong similarities to those observed this time.
