Upbit suffered a ~$38.5M hack on the Solana network. The exchange halted transfers, pledging full compensation from its own assets. This echoes past security challenges.
Upbit issued an announcement today at 12:33 KST (UTC+9). It said an abnormal outflow of assets occurred. The hack was worth some 54 billion KRW (~$36.8 million). It occurred on the Solana network. This happened sometime around 04:42 KST (UTC+9) on November 27. Withdrawals of the concerned assets have been temporarily suspended.
Upbit Activates Emergency Measures After Early-Morning Outflow
The incident originated from 4:42 a.m. KST, when several Solana-linked tokens were transferred to an unknown external wallet. Upbit moved rapidly and suspended deposits and withdrawals. Furthermore, the exchange affirmed that it will cover all the losses with corporate assets. This pledge was reminiscent of recovery actions taken when it breached in 2019.
Upbit(@Official_Upbit) has been hacked — 54B KRW (~36.8M USD) in assets on #Solana have been transferred to unknown wallets.https://t.co/plbmBz2G4Nhttps://t.co/YOHoqDVfqa pic.twitter.com/DM5BxSTtXA
— Lookonchain (@lookonchain) November 27, 2025
Upbit had over twenty affected tokens on its list, which included SOL, RAY, JUP, ORCA, and USDC. The platform also moved all remaining assets to cold storage. This move was to prevent further unauthorized transfers. Additionally, Upbit launched on-chain freezing efforts to contain the breach. The team was able to freeze off ₩12 billion worth of Solaire successfully after coordinating with related projects.
Related Reading: Exchange News: South Korea’s Internet Giant Naver to Take Over Upbit Parent Dunamu | Live Bitcoin News
Upbit said it is monitoring the remaining stolen assets. Moreover, it is still cooperating with external partners for further freezing measures. Executives said these steps reflect a larger push to curb more damage during the ongoing investigation.
Platform-Wide Security Checks Begin as Investigators Assess Threats
Upbit also started a total security revamp throughout all deposit and withdrawal systems. Engineers are looking at platform components outside of the Solana network. Therefore, the exchange plans to go back to transfers only after ensuring complete safety. This is similar to its long recovery from prior incidents.
Security analysts said North Korean groups such as Lazarus and Andariel have been attacking Korean exchanges in previous attacks. Consequently, they suggested that there may be similar actors involved. However, investigators have not established any attribution. Experts added that the level of sophistication of previous operations suggests good coordination between hostile groups.
Industry observers noted the history of successful recovery of Upbit. They pointed to the successful asset retrieval that resulted from its 2019 breach. Therefore, in their view, international cooperation might again aid in the current effort. Moreover, they noted that quick action to cold wallets in such cases can be a significant limiting factor of exposure.
Upbit Vows Complete Repayment While Analysts Warn of Stricter Rules
Dunamu CEO Oh Kyung-seok reassured users that their assets were still safe. He emphasized that Upbit will make full compensation for all the losses. Furthermore, he encouraged customers to notify him of any suspicious activity. This request may help investigators track the movement of stolen tokens across chains.
Market analysts raised concerns of possible regulatory impacts. They said future reviews could increase the security requirements of the industry. As a result, exchanges may be subject to novel hot-wallet exposure standards. Experts also predicted an increased emphasis on liquidity protections and swift incident-response procedures.
Looking to the future, researchers posited that for the world to be successfully contained, it needs coordinated monitoring. They think that the increased controls at Upbit could have an impact on policy debates in the region. Moreover, they anticipate the incident will hasten efforts to achieve higher levels of security baselines. Therefore, they recommended that better safeguards could build better long-term resilience in the face of growing threats to digital markets.