South Korea's Crypto Exchange Hacking History: Upbit Once Hacked by North Korean Hackers Stealing 342,000 ETH, Bithumb Also Hacked Multiple Times
2025.11.27 12:15:41
November 27th: South Korea's largest cryptocurrency exchange, Upbit, came under attack today. Previously, in November 2019, the exchange was hacked when its hot wallet was breached, and 342,000 ETH was transferred to an unknown address, with a value of approximately $50 million. The mastermind of the attack is suspected to be the North Korean hacker group Lazarus Group. After the theft, Upbit fully compensated its users with its own funds and suspended trading for two weeks. Subsequently, the exchange increased the ratio of cold wallet asset storage to 70%.
This morning, Upbit disclosed that it detected unusual withdrawal activity at 4:42 AM. Around 540 billion Korean won (approximately $36 million) of Solana network-related digital assets were moved to an unknown external wallet address. Upbit will cover all customer losses and has suspended Solana network asset deposits and withdrawals. The stolen assets include tokens such as 2Z, ACS, BONK, DOOD, TRUMP, USDC, and W.
It is worth noting that yesterday, South Korea's largest web portal, Naver, agreed to acquire Dunamu, the operator of Upbit, in an all-stock transaction valued at approximately $10.3 billion.
South Korea's second-largest cryptocurrency exchange, Bithumb, has also been a target of multiple cyberattacks. In February 2017, unknown hackers breached an employee's computer, stole user data, and transferred around $7 million in assets. Subsequently, some of Bithumb's user data was leaked, leading to phishing attacks. In June of the same year, the exchange experienced another employee computer breach, exposing the personal information of 31,000 users and resulting in approximately $1 million in stolen funds.
On June 20, 2018, Bithumb's hot wallet was compromised, and around $32 million in assets were stolen, with suspicion falling on North Korea's Lazarus Group. Bithumb halted trading, moved its assets to cold wallets, compensated users for half of the funds, and successfully recovered the other half of the stolen funds.
On March 29, 2019, Bithumb experienced abnormal withdrawals from its hot wallet, with EOS and XRP being transferred, indicating possible internal assistance. The total loss amounted to around $19 million. Bithumb fully compensated its users, and the South Korean police opened an investigation.
Relevant content
SlowMist: Drift's multi-signature mechanism was modified a week before the theft, followed by an admin key leak
April 2nd: SlowMist’s Drift Hack Analysis
SlowMist’s breakdown of the Drift protocol hack shows that one week before the attack, Drift updated its multisig setup to a 2/5 threshold (1 existing signer + 4 new signers) and skipped implementing a timelock.
The attacker exploited this gap to gain admin access, mint counterfeit CVT tokens, manipulate the oracle, disable security protocols, and siphon high-value assets from the liquidity pool.
Stolen funds have since been consolidated into a single Ethereum address, holding roughly 105,969 ETH (valued at ~$226 million). SlowMist noted that tracking efforts for the funds are ongoing.
ZachXBT Calls Out Circle Again: Accuses It of 'Slow Response' in Drift Hack Incident
On April 2nd, on-chain sleuth ZachXBT accused Circle of failing to act promptly during the Drift attack. He noted that during U.S. trading hours, tens of millions of USDC were transferred from Solana to Ethereum via a cross-chain protocol—with no intervention for hours.
He also stated the funds in question had been successfully transferred, adding Circle “once again took no action.” ZachXBT further pointed out Circle had previously mistakenly frozen over 16 business hot wallets, which are currently being gradually unfrozen. He called out Circle and its CEO Jeremy Allaire, saying their actions have negatively impacted the industry.