Experts: Upbit Solana Hot-Wallet Hack May Be Larger and Linked to Lazarus

South Korea’s largest crypto exchange, Upbit, suffered a Solana (SOL) hot-wallet breach that appears more complex and larger than initial reports indicated. Early estimates put losses at about 54 billion won (~$36–40M); later forensic analysis revised the figure (reports range ~44.5–54 billion won). Security firms (GoPlus, Dethective) say the attack exploited weaknesses in hot-wallet key management and the internal network; cold wallets were not affected.

Attackers swapped the stolen SOL into USDC, bridged funds to Ethereum, sent some funds (2,200 SOL reported) to Binance, and used multiple DEXs and mixers to obscure the trail. This laundering pattern is consistent with operations of the North Korea–linked Lazarus Group. The breach fell on the anniversary of Upbit’s 2019 breach and came hours after Dunamu confirmed a Naver Financial acquisition, which has raised suspicion that the timing was deliberate. South Korean authorities are conducting on-site inspections and investigations; initial assessments suggest the attackers likely compromised or impersonated admin accounts to authorize fraudulent transfers rather than breaching core servers.

For traders: the incident directly affects Solana liquidity and could increase short-term selling pressure on SOL and related markets, prompt withdrawal and listing scrutiny at exchanges, and accelerate regulatory or exchange responses to laundering through DEXs and bridges. This is an evolving investigation; treat the information as operational risk intelligence, not investment advice.
Bearish
The breach directly involves Solana (SOL) liquidity and the theft of SOL that was converted and moved through exchanges and DEXs. Immediate effects are likely to be bearish for SOL: heightened selling pressure from stolen‑asset movements, increased withdrawal and custody scrutiny at exchanges, and potential delisting or temporary suspension actions that reduce available liquidity. Market confidence may weaken short term, prompting volatility and downside pressure. In the medium term, impact depends on recovery actions, fund freezes, regulatory responses, and whether significant portions of stolen assets are recovered. If exchanges or bridges tighten controls and markets absorb the outflow, SOL could stabilize; however, repeated high‑profile security incidents historically suppress price and demand until operational risks are demonstrably mitigated.