South Korean crypto exchange Upbit suffered a significant security breach on November 27, 2025, after detecting unauthorized withdrawals of Solana-based digital assets valued at approximately ₩44.5 billion ($33–36 million).
The incident prompted an immediate shutdown of all deposit and withdrawal services linked to the Solana network, as the exchange moved to contain the attack and initiate emergency inspections.
Details of the Breach
Upbit stated that the abnormal withdrawal activity occurred around 04:42 local time and originated from one of its hot wallets, which store assets connected to live trading systems. The exchange emphasized that its cold wallets, offline storage used to safeguard the bulk of customer funds, remained secure and uncompromised.
Initially estimated at ₩54 billion, the figure was later updated to reflect accurate market prices at the time of the breach. The exploit impacted a wide array of Solana ecosystem assets, including SOL, USDC, BONK, JUP, RAY, RENDER, ORCA, PYTH, and more than a dozen other tokens, such as DRIFT, IO, MEW, TRUMP, and Solaire (LAYER).
Some of the stolen assets were successfully frozen, approximately ₩2.3 billion worth of LAYER tokens, while the remainder was transferred to unidentified external wallets.
Response and Recovery Efforts
Upbit disclosed all affected wallet addresses and launched an “enhanced security review” across all networks, not only Solana. The exchange also moved all remaining Solana-based assets into cold storage to prevent further unauthorized transfers.
Forensic specialists, blockchain teams, and external partners are assisting in tracking the outflows and freezing additional tokens.
Assurance to Users
Oh Kyung-seok, CEO of Dunamu, Upbit’s parent company, issued a public apology and assured users that all losses will be fully covered by Upbit’s own reserves, ensuring that customer assets remain unaffected.
“We immediately suspended services and identified the extent of the outflow. The entire amount will be compensated by Upbit,” he said.
Historical Context and Concerns
The incident echoes Upbit’s 2019 hack, when the exchange lost 342,000 ETH in an attack later attributed to North Korean state-linked actors. The latest breach raises renewed concerns about vulnerabilities in hot-wallet infrastructure across centralized exchanges.