South Korea’s biggest crypto exchange, Upbit, temporarily froze deposits and withdrawals on Thursday after detecting about $36 million in unauthorized outflows from a Solana-network hot wallet.
In an announcement, the exchange said the suspicious transfers were flagged around 4:42 am local time (7:42 pm UTC), prompting a shutdown of transfer services and a full security review of its supported crypto assets.
Upbit confirmed that the compromise was isolated to its hot wallet, highlighting that cold-wallet reserves remained untouched. The exchange moved its remaining assets into cold storage and initiated onchain freezing attempts.
The incident put fresh scrutiny on Dunamu, which had just announced a $10 billion acquisition deal with fintech giant Naver. It also revived memories of Upbit’s 2019 security breach, when the exchange lost nearly $50 million in an attack orchestrated by the North Korean hacking group, Lazarus.
🚨 ALERT: Upbit suspends deposits and withdrawals after $38.5M abnormal outflow on Solana network, reporting the assets were transferred to unknown wallet on Nov 27.
Upbit confirms it will cover all losses. pic.twitter.com/28Eu61s1Tf
— Cointelegraph (@Cointelegraph) November 27, 2025
Upbit to reimburse user funds lost in the breach
Upbit said it had suspended deposits and withdrawals across the platform as a precaution, a measure that will remain in place until it completes its security review. The freeze is not limited to Solana-based assets, as the company works to secure its systems and assess remaining risks.
Trading on the platform continues to operate normally, allowing users to buy and sell assets within the exchange. However, users cannot move funds on or off the platform while the review is ongoing.
The company also assured users that any balances lost as a result of the security incident will be fully covered by its reserves, emphasizing that no customer assets will be lost due to the breach.
Upbit said no action is required for customers to recover their funds. However, the exchange asked users to stay patient as it conducts a platform-wide audit and works with regulators to finalize the investigation.
According to local reports, financial authorities have started on-site inspections to better understand the incident.
While the exchange assured customers that their funds would be returned, it has not revealed a clear timeline.
Cointelegraph reached out to Upbit and Dunamu for comments, but had not received a response by publication.
Related: South Korea stablecoin framework stalls as regulators split over banks’ role
Security incident hits amid Dunamu’s global expansion plans
The incident comes amid an important milestone for Upbit, as its parent company, Dunamu, has struck a $10.3 billion acquisition deal with South Korean search engine platform Naver.
According to a Wednesday filing, Naver Financial will acquire Upbit operator Dunamu in a stock-swap deal valued at 15.1 trillion won (about $10.3 billion). Naver will issue 87.5 million new shares to Dunamu shareholders and will subsequently make Dunamu a wholly owned subsidiary.
In addition to its acquisition plans, Dunamu also plans to launch an initial public offering (IPO) in the United States following the completion of its merger.
Apart from the acquisition and IPO plans, Naver and Dunamu also reportedly plan to invest nearly $7 billion over the next five years to develop an ecosystem for Web3 technologies and artificial intelligence.
Magazine: 2026 is the year of pragmatic privacy in crypto: Canton, Zcash and more