South Korea’s Upbit Reports Major Security Breach
South Korea’s largest cryptocurrency exchange, Upbit, has disclosed a significant security incident involving a hot-wallet compromise on the Solana network, resulting in approximately $36 million in losses. The breach occurred early Thursday morning, prompting immediate emergency measures from the exchange to contain the damage and protect customer assets.
Details of the Solana Network Breach
The security incident was detected at approximately 04:42 on November 27, 2025, when Upbit identified irregular transfers of Solana-based assets to an unauthorized external wallet address. The exchange quickly moved to halt certain services while investigators worked to trace the flow of stolen funds across the blockchain.
Affected Cryptocurrencies and Tokens
The breach impacted a diverse range of digital assets on the Solana network, including meme coins such as Bonk (BONK), Moodeng (MOODENG), and Official Trump (TRUMP), along with prominent DeFi tokens including Jito (JTO), Sonic SVM (SONIC), and Raydium (RAY). The stolen assets also included significant amounts of Solana (SOL) and Circle’s USD Coin (USDC), highlighting the broad scope of the security compromise.
Immediate Response and Security Measures
Following the detection of unauthorized withdrawals, Upbit initiated comprehensive emergency security protocols. The exchange immediately moved all remaining assets into cold storage to prevent further losses and began coordinating with relevant blockchain projects to attempt on-chain freezes of stolen tokens. Their efforts have already resulted in the successful freezing of a portion of Solayer (LAYER) tokens.
Customer Protection and Compensation
In a statement from Dunamu CEO Oh Kyung-seok, the exchange committed to fully reimbursing all affected customers using company assets. “The scale of the loss caused by the abnormal withdrawals was identified internally immediately upon confirmation,” Oh stated, adding that Upbit will “fully compensate the entire amount with its own assets so that no impact occurs to members’ assets.”
Service Suspension and Security Review
Upbit has temporarily suspended broader deposit and withdrawal services while conducting system-wide security checks. The exchange emphasized that normal operations will only resume after comprehensive security reviews are completed and all vulnerabilities have been addressed. This precautionary approach reflects the exchange’s commitment to maintaining robust security standards despite the significant financial impact.
Broader Implications for Crypto Security
This security breach occurs during a critical period for Upbit’s parent company, Dunamu, which is currently navigating a major corporate transition as it prepares to be absorbed into Naver Financial. The incident serves as a stark reminder of the persistent security challenges facing cryptocurrency exchanges, particularly concerning hot-wallet vulnerabilities and the importance of multi-layered security protocols in the rapidly evolving blockchain ecosystem.
