South Korea's Largest Crypto Exchange Upbit Suffers $36 Million Hack

South Korea’s leading cryptocurrency exchange Upbit disclosed a significant security breach on Thursday morning, with approximately 54 billion won, equivalent to around $36 million, drained from its Solana network holdings. The unauthorized transfers involved a mix of Solana-based assets, including SOL, USDC, and various smaller tokens, which were moved to an unknown external wallet starting around 4:42 am local time on November 27. Upbit quickly detected the irregular activity and suspended all deposit and withdrawal services across the platform to limit further damage.

Oh Kyung-seok, chief executive of Dunamu, the company behind Upbit, assured users that the exchange acted decisively to safeguard customer funds. In an official notice, he emphasized that the team prioritized asset protection by halting operations and launching an immediate inspection. The exchange has committed to covering the entire loss using its own reserves, ensuring that no user balances will be affected by the incident.

Exchange Moves Assets to Cold Storage Amid Ongoing Investigation

Following the detection of abnormal withdrawals, Upbit transferred all remaining digital assets to secure cold wallets as a precautionary measure. The company has already frozen roughly 12 billion won worth of certain Solana ecosystem tokens and is collaborating with relevant projects to block additional movement of the stolen funds. A full emergency security review is underway, extending beyond the Solana network to examine the stability of the entire deposit and withdrawal infrastructure.

This breach marks an unsettling anniversary for Upbit, occurring almost exactly six years after a major theft in November 2019 that saw 342,000 Ethereum tokens stolen, valued at about $48.5 million at the time. South Korean authorities later linked that earlier incident to North Korean hackers, and the recovered value of those assets now exceeds $1 billion. Current reports from Reuters indicate that authorities suspect the latest hack may again involve North Korea’s notorious Lazarus Group, affiliated with the country’s intelligence agency.

Law enforcement agencies, including the National Police Agency’s cyber crime unit, have initiated an investigation into the incident, while Upbit has pledged full cooperation with regulators and officials. The exchange is actively tracking the outflow and working to recover or freeze the remaining assets through onchain measures and partnerships with affected token projects. Deposits and withdrawals will resume gradually only after the platform completes its system-wide security checks and confirms everything is stable.