BNB $548.88 -1.52%
XRP $1.04 -1.41%
ETH $1,558.68 -0.93%
BTC $59,090.73 -1.70%
BNB $548.88 -1.52%
XRP $1.04 -1.41%
ETH $1,558.68 -0.93%
BTC $59,090.73 -1.70%
BREAKING
Stablecoin Supply Drops $9.4 Billion, Squeezing Crypto Dry Powder Velvet Surges 21% as LAB Plummets — Daily Movers June 29 FCA Targets 11 Commodity Traders in £1 Million Competition Probe CoinEx Tied to $3.84 Billion in Iranian Crypto Flows Across 60-Plus Entities Bitwise Stakes $114 Million in HYPE Tokens After Hyperliquid ETF Launch Pi Network's 3 Pillars: Daily Taps, Trust Graphs, and the SCP Model Stablecoin Supply Drops $9.4 Billion, Squeezing Crypto Dry Powder Velvet Surges 21% as LAB Plummets — Daily Movers June 29 FCA Targets 11 Commodity Traders in £1 Million Competition Probe CoinEx Tied to $3.84 Billion in Iranian Crypto Flows Across 60-Plus Entities Bitwise Stakes $114 Million in HYPE Tokens After Hyperliquid ETF Launch Pi Network's 3 Pillars: Daily Taps, Trust Graphs, and the SCP Model
Altcoins News

Massive Upbit Security Breach Freezes Solana Trading and Overshadows Major Partnership

James Thorp · · 4 min read
Share:Follow on Google News
Solana hack

Community Trust ScoreVerified

97%
Real
Verified34 votes
Updated 7 months ago

Upbit, South Korea’s largest cryptocurrency exchange by trading volume, is under intense scrutiny after confirming unauthorized withdrawals of Solana-based assets totaling nearly 54 billion KRW (about $36 million). The timing of the breach could not have been worse for the company: it unfolded on the same day Dunamu — Upbit’s parent firm — announced its high-profile strategic collaboration with tech giant Naver, a deal intended to cement dominance in the global Web3 and AI industries.

Instead of becoming a milestone moment for Dunamu’s expansion plans, the exchange found itself rushing to reassure users and contain the damage from one of the most serious security incidents of the year.

Upbit Locks Down Solana Services After Identifying Irregular Withdrawals

The breach was detected on Thursday morning after Upbit’s system flagged abnormal outgoing transactions involving Solana-ecosystem tokens. The unauthorized transfers hit a wide range of assets — including SOL, USDC, BONK, Jupiter (JUP), Raydium (RAY), Render (RENDER), Orca (ORCA), and Pyth Network (PYTH) — signaling that attackers specifically targeted wallets used for Solana-based trading.

The exchange moved quickly to suspend all deposits and withdrawals for assets linked to the Solana network. Emergency inspections were launched, and Upbit posted multiple real-time updates on its customer center between November 26 and 27. These updates outlined each step the exchange was taking, including the publication of every wallet address associated with the irregular withdrawals.

Advertisement

Security analysts observing the situation said Upbit’s response appeared timely and strategic, prioritizing user balance protection while forensic teams investigated how the transfers occurred. Early reports suggest the incident stemmed from vulnerabilities in Upbit’s hot wallet infrastructure — the system that holds active trading funds and remains connected to the internet for faster liquidity.

A Breach Overshadowing a Historic Collaboration

The incident has an added layer of irony: the breach landed on what was meant to be a landmark day for Dunamu. The company had been poised to mark its new alliance with Naver, South Korea’s largest internet portal operator. The partnership — including participation from Naver Financial — is projected to involve 10 trillion won in investment over five years to strengthen the country’s AI, Web3, and next-generation digital infrastructure.

For months, Dunamu positioned this collaboration as a turning point in its global ambitions. Analysts expected the deal to boost investor confidence and accelerate international expansion. Instead, conversations across South Korean financial communities shifted sharply toward security risks and user safety.

While the estimated loss of 54 billion KRW is significant, experts noted that it remains smaller than several record-breaking exchange breaches seen in past global hacking incidents. Still, the symbolic impact on Dunamu’s big day could have longer-term reputational consequences.

In a written statement, Upbit confirmed it had calculated the exact sum of lost assets and reassured customers that the company would “fully cover the loss with Upbit’s own assets so that customers are not affected in any way.”

An Unsettling Reminder of 2019

For longtime Upbit users, the latest breach evokes memories of one of South Korea’s most infamous crypto incidents. Back in November 2019, the exchange lost 342,000 ETH — equivalent to roughly 58 billion won (around $50 million at the time). With Ethereum’s later price increases, that figure now sits near $1.04 billion.

Korean authorities spent years investigating that case before officially concluding in late 2024 that North Korean groups Lazarus and Andariel were responsible. Investigators cited evidence ranging from IP data to language patterns linked to hacking operations. Along with this, collaboration with the U.S. Federal Bureau of Investigation helped confirm blockchain laundering trails.

About 57% of the stolen ETH was reportedly converted into Bitcoin using three cryptocurrency exchanges created by the attackers themselves before the funds were liquidated. The remaining 43% was washed through 51 exchanges across 13 countries — including China, the United States, Hong Kong, and Switzerland. In October 2024, Swiss judicial cooperation resulted in the recovery of a small portion — 4.8 BTC — which was returned to Upbit. Authorities say many remaining exchanges have refused to cooperate.

Renewed Questions About Hot Wallet Security

The latest incident has intensified industry-wide discussion about the role of hot wallets in cryptocurrency exchanges. While these systems ensure liquidity for fast deposits and withdrawals, they also serve as an entry point for exploitation because they remain online. Cold wallets — disconnected storage — are considered safer but slower for real-time trading.

The breach suggests attackers focused precisely on Solana-based hot wallet infrastructure, prompting debate over whether Solana network integrations could require additional layers of security when used by centralized exchanges. Analysts also expressed concern that criminals are increasingly targeting the operational layers of exchanges rather than seeking vulnerabilities in blockchain protocols.

Users Await Full Service Restoration

While Upbit’s quick reaction has been praised by some security experts, customers continue to wait for clarity on when deposits and withdrawals for Solana-linked assets will resume. The exchange has not provided a timeline, explaining that investigations must be completed before services can reopen without risk.

For now, all affected tokens remain in suspended status. Users can still trade within the exchange internally using existing balances, but transfers are temporarily unavailable.

South Korea remains one of the world’s most active digital asset markets, and Upbit continues to hold the overwhelming majority of domestic trading share. The exchange’s ability to fully restore confidence — especially in the wake of such a high-profile breach — could play a major role in shaping both regulatory momentum and user trust going forward.

Post Views: 181
Community Trust IndexHigh Confidence
97%
Real
Real97%3%Fake
34 community signals

Post Views: 181
Share:Follow on Google News

James Thorp

James Thorp is a passionate crypto journalist from South Africa specializing in Litecoin, Dash, and emerging digital assets. With years of experience covering the crypto markets, James delivers in-depth analysis and breaking news on altcoins, blockchain adoption, and decentralized payment networks for The Currency Analytics.

Advertisement

Related Stories