thecryptobasic.com
South Korea’s largest crypto exchange, Upbit, has confirmed a major security breach on the Solana network, resulting in the siphoning of about $38 million in digital assets.
The incident began when Upbit noticed irregular withdrawal behavior at around 4:42 a.m. KST on November 27. During this window, several Solana-based assets, including SOL, USDC, BONK, TRUMP, and smaller tokens, were moved to an unauthorized external wallet.
Upbit described the pattern as an “abnormal withdrawal,” prompting immediate internal alerts.
Swift Actions
In response, Dunamu CEO Oh Kyung-seok explained that the exchange suspended deposits and withdrawals as soon as the anomaly surfaced. This swift action, in turn, allowed the team to prevent further unauthorized activity.
To further safeguard user funds, Upbit transferred all assets to cold wallets, creating a secure buffer against additional movement. Subsequently, the company initiated a systemwide review to pinpoint vulnerabilities in the affected infrastructure.
Following this review, Upbit confirmed the full-scale outflow and stated that it will absorb the financial impact using its own holdings.
Meanwhile, Upbit has already frozen approximately $8.20 million in stolen tokens through on-chain monitoring. Furthermore, work is ongoing with partner projects to track and block the remaining assets as investigators trace their path across the network.
Regulators Expected to Join Investigation
As recovery efforts expand, Upbit expects law enforcement and regulators to participate in the investigation. The exchange has committed to supplying all necessary data to support official inquiries.
To further reduce risk, Upbit has initiated a comprehensive inspection of its entire deposit and withdrawal system. This audit goes beyond Solana-related components and aims to confirm the overall stability of its digital asset operations. Services will reopen gradually once these checks are complete.
Incident Recalls Upbit’s 2019 Breach
The latest breach also echoes a major attack on Upbit that occurred on the same date six years earlier. In 2019, hackers stole 342,000 ETH, worth about $41.5 million at the time. South Korean authorities later linked the theft to North Korean actors.
That stolen Ethereum has since grown to exceed $1 billion, making it one of the most significant crypto heists linked to North Korea. The parallel in timing adds extra scrutiny to the current case.
Security Crisis Emerges Amid Corporate Merger Talks
Notably, this security incident unfolds as Upbit’s parent company, Dunamu, faces a critical corporate moment. Reports suggest that Naver, one of South Korea’s leading internet firms, is pursuing a multibillion-dollar stock-swap merger to acquire Dunamu.
The proposal, discussed at the board meeting on 26 November, could influence Upbit’s path toward a future Nasdaq listing. The breach adds new pressure to these talks as stakeholders assess both operational risks and long-term growth plans.