Key Highlights
- Upbit suffered a ₩54 billion, around $36 million, breach after its Solana hot wallets were drained early Thursday.
- Deposits, withdrawals, and SOL staking remain suspended while the exchange conducts a full security and infrastructure review.
- Upbit and partners have already frozen about ₩12B worth of Solaire (LAYER) tokens and are tracing the remaining stolen assets.
South Korean crypto exchange Upbit has disclosed a fresh security breach that drained roughly 54 billion won, about $36.9 million, from its Solana hot wallets early morning on Thursday.
According to the company, a batch of Solana-based tokens—including SOL, USDC, and dozens of smaller assets—was unexpectedly transferred to an unknown external wallet around 4:42 a.m. KST on November 27.
Upbit immediately halted all deposits and withdrawals, launched a full inspection of its wallet systems, and transferred remaining assets into secure cold storage.
Oh Kyung-seok, CEO of Upbit operator Dunamu, apologised for the disruption and said the company’s priority is protecting users. He added that all assets were moved to secure cold wallets to prevent any further unauthorised transfers.
Freezing stolen funds
Upbit has begun taking on-chain action to freeze the stolen funds. About ₩12 billion worth of Solaire (LAYER) tokens have already been frozen with help from relevant projects. The exchange says it is continuing to trace the remaining tokens and is coordinating with partners and authorities to attempt further freezes and support any investigations.
While trading for Solana-related tokens continues normally, deposits, withdrawals, and SOL staking remain suspended as Upbit conducts a broader security review of its entire infrastructure.
The company warned that deposits sent during the pause may not appear in user accounts and will only be processed after systems are confirmed safe. Staking applications are also on hold, though reward generation and validator operations are unaffected.
The suspension affects a wide range of Solana-network assets—including SOL, USDC, BONK, ORCA, JUP, RENDER, PYTH, and others—and aligns with requirements under South Korea’s Virtual Asset User Protection Act.
Upbit added that any blockchain transactions occurring during maintenance will be processed only after verification, which could lead to delays. It has also asked users to report any suspicious information related to unauthorized withdrawals to Customer service channels.
The exchange says deposits and withdrawals will resume in stages once its security review is complete and systems are fully stabilised.
Incident echoes Upbit’s 2019 hack
The breach comes almost exactly six years after Upbit suffered a major 2019 incident in which 342,000 ETH was transferred from its hot wallet to an anonymous address. South Korean authorities later linked that theft, which is now worth over $1 billion, to North Korean hackers.
The parallels between the two dates have drawn attention within the crypto community, though Upbit says all current losses will be absorbed fully and user assets remain safe.
The timing is particularly sensitive as Upbit’s parent company, Dunamu, is reportedly in talks for a large-scale merger with Naver, one of South Korea’s biggest tech firms. The proposed deal would be valued in the multibillions and could set the stage for Upbit’s long-anticipated ambitions toward a possible Nasdaq listing.
Also Read: Korea FIU Set to Impose Heavy Penalties on Crypto Exchanges
