Asia-Pacific

North Korean Hackers Suspected in Massive Crypto Theft in South Korea, Methods Follow Similar Pattern to 2019 Case

Reuters file photo
The flag of North Korea is seen in Geneva, Switzerland, in June 2017.

By Seidai Fujihara / Yomiuri Shimbun Correspondent

14:33 JST, November 29, 2025

SEOUL — South Korea’s largest cryptocurrency exchange Upbit suffered a massive cryptocurrency theft on Thursday, which the South Korean government believes was carried out by North Korean hackers, according to Yonhap News Agency.

The South Korean government suspects that Lazarus, a hacker group belonging to Pyongyang’s foreign intelligence agency, is highly likely behind the theft of about 44.5 billion won (about ¥4.75 billion), the agency has reported.

According to Upbit, it confirmed that about 44.5 billion won worth of cryptocurrency assets were transferred to an unidentified, undesignated account at around 4:40 a.m. Thursday, and reported the incident to financial authorities.

In its coverage on Friday, Yonhap News Agency quoted a South Korean government official as saying, “It is possible hackers compromised administrators’ accounts or posed as administrators to make the transfer.”

Lazarus is believed to have been responsible for a theft of about 58 billion won (about ¥6.2 billion) worth of crypto assets from Upbit in 2019. Reportedly, there are some similarities in the methods of the two cases.