On November 28th, security firm GoPlus analyzed the Upbit attack and revealed several serious issues: the hot wallet leak points to vulnerabilities in key management and internal network security. Cold wallets remain secure.

The incident is noteworthy for several reasons:

1. It was an "anniversary attack": the date coincided with the $50 million hack in 2019 (six years ago).
2. The timing was clever: the attack was launched hours after the announcement of the major merger between Dunamu and Naver.
3. It exhibited typical Lazarus characteristics: the speed, methods, and symbolic significance of the attack.
4. Sophisticated money laundering methods: the use of multiple DEXs, potentially circumventing regulations (2200 SOL tokens transferred to Binance).

All these signs indicate that the platform may have been under long-term infiltration by an Advanced Persistent Threat (APT) group. Previously, Upbit disclosed that approximately 54 billion won worth of Solana network assets had been stolen; South Korean authorities suspect that the North Korean hacking group Lazarus was behind the attack. [PANews]