
The development follows Upbit’s disclosure on Thursday that irregular withdrawals on the Solana network drained roughly $36 million across multiple tokens, prompting Dunamu, its parent company, to freeze affected wallets, move remaining funds offline, and commit to fully reimbursing customers.
“The abnormal withdrawals occurred from hot wallets. The cold wallets were not subjected to any breach or theft,” a spokesperson from Dunamu told Decrypt following the incident, confirming that all assets were transferred to cold wallets “to prevent any additional withdrawal” and that the exchange was “taking on-chain measures to freeze transactions.”
The company has also “reported the occurrence of the abnormal withdrawals to the relevant authorities,” in accordance with local laws, and is “currently investigating the cause and scale of the outflows,” the spokesperson added.
Decrypt has reached out separately to ask Dunamu whether it can confirm, or believes, that the suspected group is behind the attack.
A representative from PeckShield, the blockchain security firm that first shared Dunamu’s disclosure regarding the anomalous withdrawals on Thursday, told Decrypt that it did not have a comment “regarding the actor behind it,” nor any “concrete evidence regarding the investigation yet.”
CertiK, another blockchain security firm, maintains an analytics dashboard on Upbit through its Skynet program.
The firm “followed the fund flow of over 100 exploiter addresses on Solana,” and observed that “the speed and scale of withdrawals are reminiscent of previous Lazarus-related attacks,” although it does not have “definitive evidence on the chain yet,” a representative from CertiK told Decrypt, adding that it will continue to monitor the fund movement “to see if they trace to Lazarus-related laundering network.”
The Lazarus Group is a North Korean state-linked hacking outfit long tied to high-impact crypto thefts. The group has been linked to major exploits targeting exchanges, decentralized finance protocols, and infrastructure providers.

