Upbit Suffers Massive $38 Million Hack: Hot Wallet Compromised, Solana Assets Frozen
The South Korean cryptocurrency exchange Upbit, a prominent player in the digital asset market, has been hit by a significant security breach. In a devastating incident occurring on November 27, 2025, an unauthorized actor managed to drain approximately $38 million worth of assets from the platform's hot wallet, specifically impacting tokens within the Solana ecosystem. This audacious cyberattack unfolded just hours after Naver, the tech giant, finalized its acquisition of Upbit's parent company, Dunamu.
The immediate aftermath saw Upbit swiftly halt all transactions related to Solana network tokens. The exchange confirmed a series of anomalous outbound transfers detected around 04:42 AM, indicating a sophisticated and rapid exploitation. These illicit movements siphoned off an estimated 54 billion South Korean won, encompassing over two dozen different digital assets. Prominent among the stolen holdings were popular Solana ecosystem tokens such as SOL, USDC, BONK, RAY, and JUP. Other tokens confirmed as affected included Jito (JTO), Moodeng (MOODENG), Official Trump (TRUMP), Access Protocol (ACS), and Sonic SVM (SONIC).
Assets Diverted to Unknown External Wallet; Cold Storage Remains Secure
Dunamu's official statement clarified that the stolen funds were transferred to an "unknown external wallet." Crucially, the exchange assured its user base that its cold storage wallets, which house the vast majority of assets offline and thus offer a more robust defense against such breaches, remained entirely untouched. This distinction is vital, underscoring the targeted nature of the attack on the more vulnerable hot wallet.
Full Compensation Promised Amidst Recovery Efforts
In a reassuring move for its users, Upbit's CEO, Oh Kyeong-seok, announced that the exchange would fully compensate all losses incurred from the unauthorized withdrawals using its own funds. This commitment aims to shield users from the financial repercussions of the hack, preventing any impact on their personal holdings. "The scale of the losses caused by the anomalous withdrawals was internally determined immediately after confirmation," stated Oh Kyeong-seok, highlighting the swift internal response.

To mitigate further damage and facilitate recovery, Upbit has taken decisive action. The compromised hot wallet has been isolated, with the remaining assets being transferred to cold storage. Furthermore, a comprehensive audit of the platform's entire deposit and withdrawal infrastructure across various networks has been initiated. In a significant move to potentially reclaim stolen assets, Upbit is actively collaborating with Solana projects to freeze the illicitly transferred funds. Notably, Solayer (LAYER) tokens valued at approximately 23 billion won (around $15.7 million) have been frozen, a figure substantially exceeding earlier reports of $8.18 million. This suggests a dynamic and ongoing effort to track and immobilize the stolen cryptocurrency.
Hack Casts Shadow Over Naver Integration and Regulatory Scrutiny
This security incident arrives at a particularly sensitive juncture for Dunamu, as it is in the process of integrating with Naver Financial. This ambitious $13.6 billion deal is geared towards forging a new fintech ecosystem with a strong emphasis on Web3 technologies and artificial intelligence. The hack's timing inevitably intensifies scrutiny on Upbit's operational integrity, especially as the exchange was reportedly preparing for a potential Nasdaq listing and had recently settled a hefty 35.2 billion won fine for AML (Anti-Money Laundering) compliance failures.
The complexity of this breach serves as a stark reminder of the perennial vulnerabilities associated with hot wallets. These online-connected wallets, while convenient for facilitating frequent transactions, remain a prime target for cybercriminals. Upbit itself had previously reported a staggering number of attack attempts, exceeding 159,000 in the first half of 2023 alone, underscoring the persistent threat landscape.
The fallout from this substantial loss is expected to draw the attention of regulatory bodies. The Fair Trade Commission, which is already evaluating the Naver-Dunamu merger for potential antitrust risks, will likely factor this security incident into its broader assessment of the market's stability and competitive landscape. Upbit has unequivocally stated that it will not resume operations until comprehensive additional security checks have been successfully completed, prioritizing user safety and trust above all else.
Rising Tide of Crypto Exploits
The Upbit incident is not an isolated event; it occurs amidst a recent surge in significant cybersecurity attacks targeting the cryptocurrency space. Just days prior, the GANA payment system on the BNB Chain was compromised. Weeks before that, a coordinated assault hit the DeFi protocols Balancer and Stream Finance simultaneously, resulting in substantial asset losses for both platforms. These repeated exploits highlight the ongoing arms race between malicious actors and security professionals in the rapidly evolving digital asset arena.