- Exchange Response
- Not the First Time
- Details of the Latest Breach
- Upbit’s Actions
- Will Services Be Restored?
- Why This Hack Matters
South Korea’s largest cryptocurrency exchange, Upbit, has been hit by a major security incident — a massive breach involving the Solana ecosystem. The losses are substantial, reaching roughly 54 billion won (about $36 million).
During the early-morning attack on November 27, the attackers managed to siphon off a large volume of Solana-based assets, including SOL, USDC, and several smaller tokens. All stolen funds were moved to an unidentified wallet.
Exchange Response
Reacting to the emergency, Oh Kyung-sok, CEO of Dunamu (Upbit’s parent company), confirmed that the exchange immediately took steps to minimize risk. As soon as the first signs of suspicious activity were detected, Upbit temporarily halted all deposits and withdrawals while launching a full security review.
A spokesperson stated: “Upbit has immediately stopped processing deposit and withdrawal requests in order to focus on securing user assets to the fullest extent possible.”
Not the First Time
This is not Upbit’s first major security breach. Exactly six years ago, in November 2019, the exchange suffered a high-profile theft of 342,000 ETH valued at around $41.5 million at the time. That attack was officially attributed to a hacker group believed to be operating out of North Korea.
The value of the stolen Ether has since surpassed $1 billion, making it one of the most significant crypto thefts linked to North Korea.
Details of the Latest Breach
The latest incident surfaced early on November 27, 2025. At approximately 4:42 AM, Upbit detected an attempt to mass-transfer Solana ecosystem assets to an unknown address. The missing funds include substantial amounts of SOL and USDC, as well as several lower-cap tokens.
According to Upbit, the event was classified as “abnormal withdrawal activity” specifically affecting the Solana network.
Upbit’s Actions
Oh Kyung-sok outlined the steps being taken to mitigate the damage:
“We have identified the volume of digital assets lost due to unauthorized withdrawals, and we guarantee full compensation from the exchange’s own reserves so that our customers do not suffer any losses.”
To strengthen security, Upbit is undertaking a major overhaul of its infrastructure. All assets are being transferred to secure cold wallets to prevent further unauthorized movements. At the same time, the exchange is conducting an in-depth security review of its internal systems and wallet infrastructure.
Will Services Be Restored?
Service resumption will only occur after a comprehensive audit of all deposit and withdrawal systems — not just those tied to Solana. Once Upbit confirms that no critical vulnerabilities remain, functionality will gradually be restored.
In addition to the internal audit, Upbit plans to take several measures to regain control of the stolen assets, including attempts to freeze wallets involved in the attack. Among these actions is the freezing of approximately 12 billion won worth of funds. The exchange is working closely with partners and government agencies to support the investigation and recovery efforts.
Why This Hack Matters
This breach comes at a particularly sensitive moment for Upbit. The company is preparing for a listing on the NASDAQ stock exchange, a move expected to follow the acquisition of Dunamu by tech giant Naver. The multibillion-dollar deal was anticipated to be finalized on November 26.
Going public and securing such a major acquisition demands extreme caution and accountability — which explains Upbit’s swift and forceful reaction to the attack.
