Analysis: Upbit may have been subjected to long-term infiltration by an advanced persistent threat organization.

PANews reported on November 28th that security firm GoPlus analyzed the Upbit attack and identified several serious issues: the hot wallet leak points to vulnerabilities in key management and internal network security, while the cold wallets remain secure. The incident is noteworthy for several reasons: 1. It was an "anniversary attack": the date coincided with the $50 million hack in 2019 (six years ago); 2. The timing was deliberate: the attack was launched hours after the announcement of the major merger between Dunamu and Naver; 3. It exhibited typical Lazarus characteristics in the speed, methods, and symbolic significance of the attack; 4. The money laundering methods were sophisticated: funds moved through multiple DEXs, potentially circumventing regulations (2200 SOL tokens transferred to Binance). All these signs indicate that the platform may have been under long-term infiltration by an Advanced Persistent Threat (APT) group.

Previously, Upbit disclosed that approximately 54 billion won worth of Solana network assets had been stolen; South Korean authorities suspect that the North Korean hacking group Lazarus was behind the attack.

Author: PA一线
