Upbit Suffers $36M Solana Hot Wallet Hack in Major Breach
- Upbit reports $36M Solana hot wallet hack, triggering full platform security audit.
- Exchange moves digital assets to cold storage after Solana wallet breach to mitigate risk.
- South Korean regulators investigate Upbit hack amid rising concern over crypto security.
South Korean crypto exchange Upbit reported a $36 million Solana hot wallet breach only a day after parent company Dunamu confirmed a $10.3 billion acquisition deal with Naver Financial. The incident placed fresh focus on security risks at one of Asia’s largest digital asset trading platforms just as Dunamu prepared for a United States initial public offering.
Upbit detected abnormal withdrawals from a Solana-network hot wallet at around 4:42 a.m. local time on Nov. 27. The exchange halted deposits and withdrawals shortly after the alert and launched an emergency review of all supported digital assets. Dunamu moved the remaining Solana-based holdings into cold storage and started on-chain efforts to freeze compromised funds where possible.
The breach involved an estimated 54 billion Korean won, equal to roughly $36–38 million. Transfers affected a wide range of Solana ecosystem tokens, including SOL, USDC, BONK, JTO, SONIC, RAY, RENDER, ORCA, PYTH, LAYER, and several others. Upbit stated that cold-wallet reserves remained intact and that internal teams continue to track impacted addresses and coordinate with project teams.
Upbit Security Review and Regulatory Response After the Solana Hot Wallet Hack
Upbit froze deposits and withdrawals for Solana-based assets and then extended the suspension to more tokens during a platform-wide audit. Trading on the exchange remains available, so users can still buy and sell within the order book. However, customers cannot move funds on or off the platform until Upbit completes the security review and confirms that wallets operate safely.
Dunamu said corporate reserves would cover all user balances affected by the Solana hot wallet breach and framed it as consistent with its asset protection policy. It further called on customers to refrain from making rushed changes in security settings. At the same time, Chief Executive Oh Kyung-seok issued a public apology while promising increased controls over the storage and monitoring of digital assets.
Financial regulators in South Korea also initiated on-site probes into Upbit in the wake of the event. According to local reports, the regulators are scrutinizing internal reporting timelines, incident disclosure procedures, and data-handling practices. In addition, some suggested that watchdogs may consider temporary limits on new account registrations if investigators uncover serious weaknesses in governance or technology controls.
The 2025 Solana hot wallet breach occurred almost six years after Upbit’s 2019 incident, when attackers drained 342,000 ETH from an operational wallet. Investigators linked the earlier theft to North Korea–related hacking groups such as Lazarus and Andariel. The new breach revived industry debate about custodial models for centralised exchanges and the ongoing exposure of online wallets to targeted attacks.
Experts at blockchain analytics companies also cite increasingly large losses due to hacks of exchanges, use of protocol exploits, and social-engineering fraud in 2025. The Upbit Solana hot wallet hack becomes another high-profile loss and puts additional pressure on trading platforms to improve cold-storage ratios, monitoring systems, and incident-response protocols.
Related: Korea’s Naver to Absorb Upbit, Plans Stablecoin Launch
$10B Naver–Dunamu Deal and IPO Plans
The Upbit hack coincided with a landmark corporate deal between Upbit operator Dunamu and Naver Financial. Under the agreement, Naver will acquire Dunamu in a stock-swap transaction worth about 15.1 trillion won, or $10.3 billion. Naver plans to issue 87.5 million new shares to Dunamu shareholders and convert Dunamu into a wholly owned subsidiary, linking Upbit with Naver’s dominant internet and payments ecosystem.
Dunamu also announced plans to pursue a United States listing after completion of the Naver acquisition. Management outlined a strategy that includes multi-year investment in Web3 services and artificial intelligence infrastructure.
