South Korean web giant Naver has had an interesting week, after it acquired a cryptocurrency exchange that the next day revealed it had suffered a serious cyberattack.

The fun started on Wednesday when Naver – which fills online niches served by Google, Yahoo and WhatsApp in other countries – announcing its acquisition of Dunamu Corp, operator of a cryptocurrency exchange called Upbit.

Naver said acquiring Upbit would help to grow its financial services business, making the $10.27 billion stock swap deal a sound investment.

That argument became rather harder to sustain on Thursday, because at 05:27 local time Upbit advised it had suspended withdrawals and deposits to wallets storing the Solana cryptocurrency to allow for maintenance of its wallet system.

At 08:55 the outfit changed the language it used to describe the situation to a mention of “emergency maintenance.”

By 12:33 Upbit admitted maintenance was needed due to an “abnormal withdrawal situation” because somebody made off with ₩54 billion, which it later adjusted to ₩44.5 billion ($30 million).

The outfit said it was investigating the matter, implemented extra security measures, and promised to cover customers’ losses from its own assets.

Upbit has previously been the target of attackers thought to operate on behalf of North Korea, which targets cryptocurrency outfits to prop up its government and fund military spending.

A quick search of The Register’s archives turned up five examples of successful attacks on South Korean crypto outfits.

The nation was also home to Do Kwon, whose so-called “stablecoin” Terra USD collapsed and vaporized $41 billion of investors’ assets. Kwon pleaded guilty to fraud in August, and according to a Thursday report by Bloomberg has argued he should serve just five years in jail.

That short sentence is probably rather less pleasant that the buyers’ remorse Naver may be experiencing after its Upbit investment. ®