Hack Track: Upbit Cryptocurrency Exchange

2019-12-12 Merklescience

https://medium.com/merkle-science/hack-track-upbit-cryptocurrency-exchange-b1f17baa5a72

Merkle Science tracked the movement of funds from the November 27, 2019 Upbit cryptocurrency-exchange breach, in which 342,000 ETH, worth about US$50 million at the time, was transferred from Upbit's hot wallet to a hacker-controlled Ethereum address. The article explains that the stolen ETH had been held in an internet-connected hot wallet without multi-signature controls, allowing the attackers to sign the outgoing transaction after obtaining the private key; Upbit said it would cover customer losses, moved remaining hot-wallet assets to cold storage, and suspended deposits and withdrawals for investigation. Merkle Science followed onward transfers from the initial hacker wallet into multiple Ethereum addresses, including flows associated with Binance, Huobi, 60cek.org, and Switchain/Changelly, and assessed that the hackers were testing exchanges and coin-swap services to launder the stolen ETH. The source focuses on blockchain fund movement and mitigation by exchanges; it does not attribute the Upbit breach to a named DPRK actor.

Indicators of Compromise

Type    Value      First Seen  Last Seen
DOMAIN  60cek.org  2019-12-12  2019-12-12
