North Korea-linked Lazarus Group suspected in ~KRW 45B ($30M) Upbit Solana hack
Security researchers and South Korean authorities suspect the North Korea-linked Lazarus Group (APT38) stole about KRW 44.5–45 billion (≈$30–31M) in Solana-related assets from Upbit on November 27. Dunamu, Upbit’s operator, confirmed an unauthorized transfer of KRW 44.5 billion in Solana-affiliated assets to an unknown wallet and said it will cover the full loss from company funds to protect customers. The exchange launched an emergency security review, began moving assets to cold storage, attempted to freeze relevant on-chain transactions, and ordered a full audit of deposit/withdrawal systems beyond Solana.
Cybersecurity firm GoPlus earlier reported the breach exploited hot-wallet key management and internal network weaknesses while cold wallets remain intact; attackers routed assets through multiple DEXs and moved some funds (reported transfers of SOL to Binance) to launder proceeds. Authorities plan an on-site investigation; South Korean agencies and media flagged tactics consistent with Lazarus: rapid execution, symbolic timing, and professional laundering steps.
For traders: the incident directly involves Solana (SOL) liquidity and could increase short-term selling pressure or withdrawal scrutiny on venues handling SOL. Laundering via DEXs and CEXs may prompt regulatory action, exchange withdrawal freezes, or delistings for affected tokens. This remains an evolving operational-risk story — monitor on-chain movements, centralized exchange behaviors, and official updates before adjusting positions.
Bearish
Short-term: Bearish for SOL. The confirmed unauthorized transfer of ~KRW 44.5B in Solana assets directly reduces available liquidity and increases selling pressure as stolen funds are routed through DEXs and CEXs. Market participants often react to high-profile exchange breaches with withdrawals, margin calls and short-term price weakness for the affected asset. Centralized exchanges may temporarily tighten SOL withdrawals or list riskier SOL trading pairs, increasing volatility.
Medium/long-term: Mixed to neutral. Dunamu’s pledge to cover customer losses and intact cold wallets reduce counterparty risk for Upbit users, which can limit systemic contagion. If regulators and exchanges tighten AML controls, that could compress illicit flow but also temporarily reduce on-chain liquidity and trading volumes for SOL. Reputational damage to exchange security and repeated state-linked attacks may weigh on investor sentiment for SOL and centralized venues handling it.
Traders should monitor on-chain flows, suspicious SOL deposits to exchanges, Binance/major CEX handling of flagged funds, and official investigation updates before initiating large directional bets.