South Korean crypto trade Upbit says that there’s “no excuse” for the “inadequate security management” that has led to a severe personal key vulnerability on its platform.
Oh Kyung-seok, the CEO of Upbit’s mother or father firm, Dunamu, issued a press release at present that claimed the vulnerability, which may enable would-be hackers to guess one other consumer’s personal keys, was found throughout its evaluation of public Upbit pockets transactions on the blockchain.
Translated from Korean utilizing DeepL, Oh apologized for the 44.5 billion Received ($30 million) theft from the agency’s Solana scorching pockets, saying, “This intrusion incident resulted from inadequate security management at Upbit, and there is no excuse for this.”
Upbit says attackers might need inferred personal keys by analyzing consumer pockets tackle patterns. If true, I doubt anybody aside from North Korean hackers (Lazarus) may do that. pic.twitter.com/cS4I8okrVb
— Ki Younger Ju (@ki_young_ju) November 28, 2025
CryptoQuant CEO Ki Younger Ju thinks Lazarus is likely to be the wrongdoer of Upbit’s hack.
The CEO revealed that 38.6 billion Received ($26.2 million) consisted of “member losses” and that 2.3 billion Received was frozen. Oh additionally claimed that the opposite 5.9 billion Received ($4 million) was made up of firm losses.
Oh’s assertion claims that Upbit was in a position to tackle the personal key estimation vulnerability and likewise totally reimburse consumer losses with Upbit’s remaining reserves.
“To protect member assets, Upbit has suspended digital asset deposits and withdrawals, is tracking digital assets moved outside of Upbit, and is taking freezing measures,” it claimed.
Lazarus suspected of personal key exploit
Upbit was previosuly focused by the group six years in the past when it stole $50 million value of ether in 2019.
The crypto trade stated at present that “Upbit has consistently strived to safeguard member assets, but this incident has once again made us realize that there is no such thing as perfect security preparedness.”
Crypto safety agency CertiK has warned in a report this 12 months in regards to the potential for hackers to foretell, and even reconstruct, the personal keys of crypto wallets.
It highlights how the personal key generator Profanity could possibly be exploited by way of a brute pressure assault, and was possible the supply of a non-public key leak that led to the $160 million hack of the market maker Wintermute.
As a result of Profanity’s tackle generator solely has “2^32 possible initial key pairs and each iteration is reversible, attackers could recover any Profanity-generated private key from its corresponding public key,” CertiK claimed.
