According to Yonhap News Agency, South Korean authorities are focusing on investigating whether Lazarus Group was the attacker in the Upbit theft incident and have launched an on-site inspection of Upbit.

The attack occurred in a hot wallet, using the same method as the 2019 Upbit 58 billion won Ethereum theft case. Government officials said that the attackers may have transferred funds by stealing administrator accounts or impersonating administrators.

Security experts pointed out that the hackers transferred the funds to other exchange wallets and performed coin mixing operations after the attack, which is a typical method of Lazarus Group. Since countries joining the Financial Action Task Force on Money Laundering cannot conduct coin mixing operations, North Korea is more likely to have committed the crime.

[Foresight News]

South Korean authorities suspect Lazarus Group as the attacker in the Upbit theft incident.