Lazarus-linked $30M Upbit Solana Hot-Wallet Hack — Multichain Laundering and Partial Freezes
South Korean investigators attribute a roughly $30 million theft from Upbit to the North Korea–linked Lazarus Group after an exploit of the exchange’s Solana hot wallet. The breach was detected early Thursday and led Upbit to suspend deposits and withdrawals while launching an on-site probe. Authorities say the method mirrors Lazarus tactics used in a 2019 Upbit incident, involving rapid multichain laundering — notably swaps into USDC and bridging from Solana to Ethereum across multiple wallets. On-chain tracing indicates some tokens were converted quickly and routed through bridges; security firms note this laundering pattern has been tied to Lazarus previously. Upbit operator Dunamu pledged full customer reimbursement from company funds and reported freezing of certain stolen assets, including about $8.18 million in LAYER. The incident follows a string of large exchange thefts linked to Lazarus this year and may have coincided with corporate news that affected timing. Investigations and asset-tracing efforts are ongoing. Key keywords: Upbit hack, Lazarus Group, Solana, SOL, multichain laundering, USDC, bridge, crypto security.
Bearish
The theft directly affects market sentiment for the assets involved, particularly Solana ecosystem tokens and any frozen tokens such as LAYER. Short-term impact is likely bearish: traders often sell on security shocks, liquidity for affected Solana-based tokens may tighten as deposits/withdrawals were suspended, and automated risk flows (de-risking, exchange delist considerations) can pressure prices. The laundering route into USDC and bridging to Ethereum may mute immediate on-chain sell pressure but preserves exchange-related uncertainty. Mid-to-long-term effects depend on recovery and reimbursement: Dunamu’s pledge to reimburse users reduces systemic counterparty risk and limits contagion to wider crypto markets, which could neutralize losses over time. However, repeated attribution to Lazarus and a pattern of large exchange breaches may keep downward pressure on trader confidence in Solana hot-wallet custodial security until exchanges strengthen on-chain controls and cold-storage practices.