South Korean government and industry sources revealed that Upbit, South Korea's largest virtual asset exchange, recently suffered a large-scale hacker attack, and approximately 45 billion won (approximately US$30.6 million) of cryptocurrency was illegally transferred out. It is currently suspected to be related to the North Korean "Lazarus" hacker organization. The competent authorities plan to conduct an on-site investigation at Upbit to further identify the attack methods and responsible parties.

Dunamu, which operates Upbit, said it discovered that approximately 44.5 billion won in Solana-related assets were transferred to unauthorized wallet addresses, and promised to fully bear the loss with its own assets. Relevant departments pointed out that the attack method was similar to the case in which approximately 58 billion won of Ethereum was stolen from Upbit in 2019. At that time, it was also suspected that "Lazarus" was responsible.

Some government officials pointed out that rather than directly invading the server, this time it is more likely that hackers stole or forged administrator accounts and initiated transfer operations as administrators. Security experts said that North Korea continues to use cryptocurrency attacks to raise funds in the context of foreign exchange tensions. "Lazarus" usually first transfers stolen virtual assets to wallets on other exchanges, and then cuts off fund tracking through multi-layer transfer and money laundering techniques.

Some analysts believe that the hackers' choice to attack on Thursday may be related to a major merger announced the day before: Naver, South Korea's largest search engine operator, announced that its subsidiary Naver Financial will acquire Dunamu as a wholly-owned subsidiary through a stock exchange transaction. Some security sources pointed out that hackers often have a tendency to "show themselves" and may deliberately choose to launch attacks at such high-profile corporate transaction nodes to increase their presence.

The file picture distributed by the report shows that the Dunamu logo has appeared on the Naver headquarters building in Seongnam, southern Seoul, highlighting the deepening capital relationship between the two companies. Regulatory agencies are still investigating, including analyzing the attack path, the flow of stolen assets and the correlation with previous actions of "Lazarus". Subsequent results are expected to be released through further notifications or additional reports.