South Korean authorities reportedly consider that North Korea’s Lazarus group carried out the Upbit hack, whereas the subtle Solana-based tokens are quickly transformed into Ethereum throughout 185 wallets inside hours.
The breach occurred as Dunamu, Upbit’s guardian firm, introduced a landmark $10.3 billion merger with Naver. The coincidence has heightened uncertainty for each corporations amid ongoing investigations and regulatory stress.
Sponsored
Sponsored
Authorities Suspect North Korea-backed Lazarus
Authorities are investigating the 44.5-billion-won ($30 million) Upbit hack as a possible operation by North Korea’s Lazarus group. The assault reused a 2019-style hot-wallet breach, with hopping and mixing exercise suggesting deliberate laundering. Monetary regulators and the Korea Web & Safety Company (KISA) have visited Dunamu’s headquarters and have launched emergency on-site inspections to evaluate the injury and safety failures.
The Upbit safety breach revealed extremely superior cross-chain cash laundering methods. On-chain knowledge analyzed on November 28 confirmed the attacker swapped 24 Solana-based tokens for WSOL (Wrapped Solana) and SOL earlier than scattering funds throughout 185 wallets. The attacker quickly bridged stolen property throughout chains and transformed them into ETH, accumulating over $1.6 million after draining Upbit’s scorching pockets.
immediately south korea blamed north korea for the upbit hack
good headline
however that half got here later
so what truly occurred?
an unknown attacker drained a number of of upbit’s scorching wallets
waited a bit
then began shifting funds throughout chains
sooner or later the hacker bridged usdc from… pic.twitter.com/swq8yjIOLR
— trix (@trixwtb) November 28, 2025
Market observers famous the sophistication of the operation. One analyst monitoring the fund’s actions in actual time famous that bridging exercise through Allbridge created arbitrage gaps as a consequence of skinny liquidity swimming pools. Every switch of $200,000 to $300,000 left clear traces for these following blockchain flows carefully.
Ongoing Penalties Complicate the Future
The hack provides to Dunamu’s ongoing regulatory woes. Earlier in November, the Monetary Intelligence Unit (FIU) beneath Korea’s Monetary Companies Fee levied a document 35.2 billion KRW effective ($26.5 million) on the alternate operator for violating necessities on the reporting and use of specified monetary transaction info. That is the heaviest penalty the FIU has issued to a crypto agency.
These violations included failing to conduct required buyer due diligence 5.3 million instances, failing to dam 3.3 million unauthorized transactions, and 15 unreported suspicious actions. Past the effective, regulators imposed a three-month partial enterprise suspension and reprimanded 9 executives. Dunamu has appealed the suspension, with the following trial scheduled subsequent week.
Sponsored
Sponsored
The penalties have frozen Digital Asset Service Supplier (VASP) license renewals for over a yr. All main Korean gained buying and selling exchanges, together with Upbit, now function on prolonged licenses whereas Dunamu awaits the end result of its case. Underneath Korean regulation, the standard three-year renewal course of stays on pause till sanctions are resolved. The deadlock impacts your complete Korean cryptocurrency sector.
Trade specialists notice that the potential enterprise suspension could block Dunamu from independently coming into new ventures. Nonetheless, the merger with Naver might provide a method ahead. By way of Naver’s acquisition, Dunamu would possibly be capable to entry new markets regardless of direct regulatory hurdles.
Nonetheless, the hack is complicating the scenario. If inside failures are confirmed, Dunamu might face extra penalties. Such sanctions could make its VASP license renewal much more troublesome. Conversely, if Lazarus’ involvement is confirmed, Upbit might achieve a partial exemption, because it did after the assault six years in the past. That case produced conclusions solely after 5 years. An identical timeline could delay regulatory judgments this time as properly.
Authorities are reviewing doable inside management failings. Dunamu briefly halted all deposits and withdrawals on Upbit, launched inside safety checks, and pledged to work with analytics corporations and regulation enforcement to freeze stolen property. The corporate additionally dedicated to totally reimbursing clients for his or her losses.
Merger Goals for Subsequent-Gen Monetary Infrastructure—however Faces Hurdles
The announcement of the merger—on the identical day because the Upbit hack—now faces elevated skepticism. At a November 27 press convention at Naver headquarters in Seongnam, executives outlined plans to mix the businesses in an all-stock deal price $10.3 billion. The transaction will problem 87.56 million new Naver shares and goals to realize three principal objectives.
First, the brand new firm intends to design next-generation monetary infrastructure to diversify income past alternate operations. Second, it plans to tackle new cost wants by issuing and circulating a KRW-backed stablecoin for native and worldwide settlements. Third, the entity will pursue international enlargement by merging Dunamu’s blockchain experience with Naver’s broad Asian person base.
The merged agency hopes to leverage each blockchain and Web3 expertise, alongside synthetic intelligence. Naver’s substantial platform attain, together with Line Messenger, might gasoline speedy worldwide development, one thing most blockchain startups wrestle to realize. Executives additionally raised the potential of in search of a US Nasdaq itemizing, however provided that shareholder worth may be confirmed.
The hack, once more, introduces new problems. Regulators could now scrutinize Dunamu’s safety measures extra carefully as a part of the merger evaluate. The scenario additionally raises issues about whether or not Naver’s acquisition can proceed amid energetic felony and regulatory probes. Different market shifts—similar to Binance’s current acquisition of the alternate Gopax—are additional shaping the regulatory panorama.
If Dunamu’s case for VASP license renewal is resolved, evaluations for all platforms might resume, probably ending the logjam that has stalled the business for over a yr. The outcomes of authorized proceedings and investigations following the hack could decide whether or not the merger proceeds easily or faces delays and restructuring.
