Upbit Solana hack: North Korean Lazarus Group suspected as culprit

The recent Upbit exchange hack that affected Solana assets has sent shock waves through the crypto industry. Attention across the industry has turned to one of the world's major hacking groups, the Lazarus Group. This remains an allegation, resting on the fact that the North Korean group has carried out similar exploits before.

A South Korean news agency reported that North Korea’s Lazarus Group is suspected of orchestrating the Upbit exchange hack that drained nearly $36.8 million in Solana assets. The stolen funds were transferred to unauthorized wallets. 

The 2019 and 2025 Upbit hacks show some similarities

A mere coincidence or a well-planned hack? Upbit was hacked back in 2019, resulting in $50 million (342,000 ETH) in Ethereum moving to hackers’ wallets. This happened on November 27, 2019.

Now, years later, on November 27, 2025, hackers have targeted Upbit again, stealing millions worth of Solana tokens. The day and month are the same!

The 2019 breach has also been attributed in part to another group called Andariel. The South Korean National Police Agency (NPA) and the Federal Bureau of Investigation (FBI) investigated this case and finally announced in late 2024 that the theft was linked to North Korean origins: Lazarus and Andariel.

Lazarus Group’s crypto hack is familiar in the industry

Lazarus Group is notorious for stealing millions in assets, both in crypto and other industries. Besides stealing money, the group is well known for cyber attacks, including sabotage, espionage, ransomware campaigns, malware deployment, and much more.

In addition to the Upbit hacks, the group has also hit the Bybit exchange, stealing nearly $1.5 billion. This exploit is considered the single largest heist in the history of crypto.

Between 2021 and 2023, the Lazarus Group allegedly carried out more than five hacks: $624 million from the Ronin Network, $100 million from Atomic Wallet, $41 million from Stake.com, etc. The very prominent WazirX multisig Ethereum wallet exploit in 2024 has also been connected to investigations involving the Lazarus Group.

The group has reportedly stolen a total of nearly $6 billion in crypto assets over the years.  

That's not all: the hacking team has even expanded its activities to the job-hunting field, posing as crypto firms and spreading malware through job interviews.
