North Korean Hacking Group Lazarus Claims Responsibility for $48.6M Theft from Iranian Crypto Exchange Nobitex

A suspected North Korean hacking group has reportedly stolen $52 million from the South Korean crypto exchange Upbit. The incident, which was first reported on June 19, 2025, by The Korea Herald, involved the hacking of a portion of Upbit's reporting infrastructure and hot wallets. According to Upbit, the incident affected only a portion of the assets in hot wallets, and users' assets are completely secure as per cold storage standards. The exchange has assured all affected users that they will be compensated through the insurance fund and Upbit resources. The hacking group, known as the Lazarus Group or the Blue Northern Light, has claimed responsibility for the attack. Reports have linked the group to North Korea. The group threatened to release Upbit's source code and internal information within 24 hours, claiming that the attack was in response to the South Korean government's crackdown on cryptocurrency trading and "financial terrorism." The South Korean crypto exchange has been a popular choice for Bitcoin traders, with many international firms moving to South Korea due to its advanced technology and financial infrastructure. However, the country has faced increasing pressure from North Korea to crack down on cryptocurrency trading, which has been used as a means of circumventing sanctions and funding the North Korean regime. The Lazarus Group's next post confirmed the claim made by popular on-chain sleuth John Wick, who observed suspicious outflows from many wallets linked to Upbit on the Ethereum blockchain. This incident highlights the growing threat of cyberattacks in the crypto industry and the need for exchanges to improve their security measures to protect their users' assets. It also underscores the importance of international cooperation in combating cybercrime and protecting the integrity of the global financial system.