Government and industry officials said authorities will conduct an on-site investigation, believing the breach was carried out by Lazarus, News.Az reports, citing Yonhap.
Dunamu, Upbit’s operator, said Thursday it confirmed the unauthorized transfer of 44.5 billion won in Solana-linked assets and will fully compensate the loss using its own holdings.
Lazarus was also suspected of stealing 58 billion won in Ethereum from Upbit in 2019, and officials noted that the methods used in the latest breach closely resemble that attack.
A government official said hackers may have compromised administrator accounts or impersonated administrators to initiate the transfers.
Experts say the incident comes as Pyongyang seeks foreign currency, with Lazarus known for moving stolen crypto across exchanges for laundering, making transactions nearly impossible to trace.
Some officials added that the hackers may have purposely struck a day after Naver announced its plan to acquire Dunamu, noting Lazarus’ pattern of “self-display.”
