
- Officials suspect Lazarus after Upbit reports a major Solana-linked outflow tied to compromised admin access

- Regulators begin an on-site probe as Upbit halts services and commits to covering all unauthorized losses

South Korean officials are examining a security incident at Upbit after a large volume of Solana-based (CRYPTO: $SOL) digital assets was transferred to an unauthorized address. Early assessments from government and industry sources indicate that North Korea's Lazarus Group is suspected of carrying out the breach, marking a renewed focus on intrusion methods previously linked to the group. The scandal has prompted an on-site investigation and a temporary halt to user deposits and withdrawals as the exchange works to establish the exact scope of the event.

Indicators Point to Lazarus Group's Involvement

Authorities stated that the recent unauthorized transfer, valued at about 45 billion won (approximately US$30.6 million), bears similarities to a 2019 case in which 58 billion won worth of Ethereum (CRYPTO: $ETH) was taken from Upbit.

In both instances, investigators believe that attackers may have gained access by compromising or impersonating administrative accounts instead of targeting core server infrastructure. A government official said this pattern remains consistent with methods previously attributed to Lazarus.

Security officials added that the timing of the breach coincided with broader financial pressures in Pyongyang, noting that past cases involved stolen funds being moved through multiple platforms in an effort to obscure their origin. They also pointed out that Thursday's attack occurred one day after Naver Corp. announced its decision to acquire Dunamu through a share-swap arrangement, though no direct link between the announcement and the breach has been confirmed.

Upbit Confirms Unauthorized Solana Outflow

Dunamu, the operator of Upbit, confirmed that 44.5 billion won in Solana-affiliated assets was transferred without authorization. According to the exchange, the affected tokens include Double Zero (2Z), Official Trump (CRYPTO: $TRUMP), Bonk (CRYPTO: $BONK), and Jupiter (CRYPTO: $JUP). Upbit reported that an abnormal outflow on the Solana network allowed the assets to be moved to an external wallet after certain exchange wallets were compromised.

Following the incident, Upbit suspended all deposits and withdrawals to conduct a full review of its systems. The exchange stated it is prioritizing asset protection across remaining networks and has committed to covering the full amount involved in the unauthorized transfers using its own reserves. In a public notice, the company said it quickly identified the extent of the outflow and initiated measures to prevent further loss.

Regulators Launch On-Site Inspection

South Korea's Financial Supervisory Service confirmed that its Virtual Asset Supervision Bureau has initiated an on-site inspection expected to continue through next week. Investigators are reviewing wallet activity, administrative-access records, and internal controls as part of their assessment.

Authorities say the investigation remains ongoing as they work to determine how the unauthorized transfer occurred and whether additional security weaknesses were exploited.
