South Korean crypto alternate Upbit says that there’s “no excuse” for the “inadequate security management” that has led to a severe personal key vulnerability on its platform.
Oh Kyung-seok, the CEO of Upbit’s father or mother firm, Dunamu, issued a press release at this time that claimed the vulnerability, which may enable would-be hackers to guess one other person’s personal keys, was found throughout its evaluation of public Upbit pockets transactions on the blockchain.
Translated from Korean utilizing DeepL, Oh apologized for the 44.5 billion Received ($30 million) theft from the agency’s Solana sizzling pockets, saying, “This intrusion incident resulted from inadequate security management at Upbit, and there is no excuse for this.”
Upbit says attackers might need inferred personal keys by analyzing person pockets tackle patterns. If true, I doubt anybody apart from North Korean hackers (Lazarus) may do that. pic.twitter.com/cS4I8okrVb
— Ki Younger Ju (@ki_young_ju) November 28, 2025
CryptoQuant CEO Ki Younger Ju thinks Lazarus could be the perpetrator of Upbit’s hack.
The CEO revealed that 38.6 billion Received ($26.2 million) consisted of “member losses” and that 2.3 billion Received was frozen. Oh additionally claimed that the opposite 5.9 billion Received ($4 million) was made up of firm losses.
Oh’s assertion claims that Upbit was capable of tackle the personal key estimation vulnerability and likewise totally reimburse person losses with Upbit’s remaining reserves.
“To protect member assets, Upbit has suspended digital asset deposits and withdrawals, is tracking digital assets moved outside of Upbit, and is taking freezing measures,” it claimed.
Lazarus suspected of personal key exploit
Upbit was previosuly focused by the group six years in the past when it stole $50 million value of ether in 2019.
The crypto alternate mentioned at this time that “Upbit has consistently strived to safeguard member assets, but this incident has once again made us realize that there is no such thing as perfect security preparedness.”
Crypto safety agency CertiK has warned in a report this yr concerning the potential for hackers to foretell, and even reconstruct, the personal keys of crypto wallets.
It highlights how the personal key generator Profanity may very well be exploited by way of a brute drive assault, and was seemingly the supply of a personal key leak that led to the $160 million hack of the market maker Wintermute.
As a result of Profanity’s tackle generator solely has “2^32 possible initial key pairs and each iteration is reversible, attackers could recover any Profanity-generated private key from its corresponding public key,” CertiK claimed.
