The largest South Korean cryptocurrency exchange, Upbit, recently uncovered a significant internal wallet vulnerability following a $30 million hack. This incident has prompted heightened security measures as authorities explore potential ties to the notorious Lazarus Group.
Emergency Audit Reveals Security Flaw
An emergency audit initiated after unusual activities were detected on November 26 has identified a flaw in Upbit’s internal wallet software. This weakness could theoretically allow attackers to mathematically derive private keys by analyzing blockchain transactions.
CEO Oh Kyung-seok stated in a post-audit announcement that while blockchain data is generally public and secure, the company’s specific wallet implementation generated weak and predictable signature data, posing a theoretical risk.
Upbit clarified that this vulnerability was uncovered only after a comprehensive system review and did not seem directly linked to the hack itself. The platform has since patched the security flaw and conducted a thorough inspection of all associated networks and wallet systems to ensure no further weaknesses exist.
Company to Cover Losses from Own Reserves
The Upbit hack resulted in losses of around 44.5 billion KRW (approximately $38.6 million) in client assets and led the exchange to take immediate action. Withdrawals were suspended, and remaining assets were transferred to cold storage to prevent further losses.
Approximately 2.3 billion KRW (about $1.5 million) of the stolen funds has already been frozen. Kyung-seok described the situation as a reminder that no security system can be deemed entirely infallible.
He assured customers that Upbit would cover all losses using its own reserves and committed to enhancing security measures across the platform. The exchange plans to resume deposits and withdrawals only after a final verification of its wallet systems.
Authorities Investigating the Hack
South Korean authorities have launched an investigation into the incident, with initial intelligence reports suggesting a possible link to the Lazarus Group, which is associated with North Korea.
Although neither Upbit nor the regulators have confirmed this publicly, the company continues to work closely with law enforcement and blockchain projects to recover and freeze the stolen assets where possible.
This incident has prompted Upbit to conduct a broader security review of its entire infrastructure. The exchange noted that irregular withdrawals from wallets related to Solana, including tokens such as ORCA, RAY, and JUP, triggered the emergency audit and subsequent discovery of vulnerabilities.
By undertaking a complete overhaul of its wallet systems, Upbit aims to prevent similar breaches in the future.

John is a seasoned journalist at The Bothside News, specializing in balanced reporting across news, sports, business, and lifestyle. He believes in presenting multiple perspectives to help readers form informed opinions. His work embodies the publication’s philosophy that truth emerges from examining all sides of every story.






