Binance Rejects Claims of Delayed Response in Upbit Hack Case

Key Takeaways
- A Binance spokesperson denies claims that the exchange delayed its response and failed to comply with the South Korean authorities investigating the Upbit hack.
- In response to these reports, Binance has claimed that it has offered all available support to law enforcement agencies and continues to do so as required.
- South Korean investigative agencies stated that only a portion of the funds that reached Binance were frozen, with the need for further verification cited as the reason the other accounts were not frozen.
- Upbit, in response to the attack, has moved 99% of its clients’ funds to cold wallets.
- South Korean investigation agencies suspect the North Korean hacker group Lazarus to be behind the breach.

Binance was recently accused of non-compliance with the investigation into last month’s Upbit hack, which led to a loss of 30 million US dollars worth of assets. Binance rejected the reports accusing it of non-compliance and of only partially complying with requests from South Korean authorities.

Some reports stated that Binance’s slow processing of the event was a leading cause of the fund loss. Binance denied these allegations outright and stated that reports of a delayed response were inaccurate. According to the spokesperson, who gave a statement to Cryptonews, Binance had swiftly intervened in the attack and had frozen funds to prevent any further losses.

Binance Lays Claim To Its Swift Actions And Compliance With Authorities

Binance, the world’s largest centralized crypto exchange, added in its statement that it acted promptly during the attack and has been helping law enforcement agencies track down the culprits behind it.

The spokesperson who officially addressed the allegations made it clear that Binance has been monitoring the situation closely and is supporting the agencies and individuals involved in the investigation as requested. The spokesperson added that any claims or reports stating that Binance did not take prompt action or is not complying with authorities are “unsubstantiated and inaccurate”.

Allegations Against Binance

A report citing South Korean law enforcement claimed that Binance froze only a small portion of the stolen funds from the Upbit breach. This is what led to Binance’s dispute with the report. Local media had reported that only 17% of the flagged assets linked to the breach were ultimately frozen.

Authorities claim that the attackers quickly moved funds across thousands of accounts within hours of the breach. The attackers used a combination of chain hopping, token swaps, and bridges to obscure the stolen funds. This is a common tactic among such attackers because it makes it difficult for forensic efforts to track the origins of the attack.

The problem with Binance started after a portion of these funds reached active service wallets at Binance. Normally, exchanges are watchful of the origins of their clients’ funds. In this case, however, Binance failed to identify the source of the funds, which led the authorities to ask Binance to help freeze these accounts as part of the investigation.

The report states that Binance froze only 80 million Won of the 470 million Won worth of Solana that reached Binance service wallets. According to reports, Binance did not comply with the authorities’ request to freeze the rest of the amount, citing technical reasons such as additional verifications.

The Attack And The Aftermath

The attack on Upbit happened on 27th November 2025. It targeted a Solana hot wallet, which is thought to have been protected by deprecated systems. Usually, a private key cannot be derived from its public key. In this attack, however, the attackers were somehow able to identify the private keys, which led to the breach and the loss of funds.

Although neither the authorities nor Upbit have confirmed that this is the reason behind the breach, rumors circulating in the industry suggest a hack that exploited weak points in Upbit’s security system to access the Solana hot wallet. Different assets within the hot wallet, amounting to approximately 36 million US dollars, were stolen in the attack.

As stated earlier, these funds were then quickly dispersed across thousands of wallets in mere hours, using various methods that make it difficult for authorities to track them.

Immediately after the attack, Upbit transferred 99% of its clients’ funds to cold wallets. At the moment, this is above the legal requirement that the South Korean authorities have placed on exchanges. According to regulatory authorities, 80% of the clients’ funds should be stored in cold wallets to protect them against attacks and breaches like these. Upbit is going a step further and adding an extra layer of security by moving 99% of the funds to cold wallets.

According to Upbit’s operator, Dunamu, the platform’s end goal is to move 100% of the funds to cold wallets without halting any of the exchange’s services. After detecting the attack, the exchange temporarily paused deposits and withdrawals as an immediate step. South Korean investigative agencies have launched a full-scale investigation into the matter. At the moment, the suspected party is the Lazarus group located in North Korea.

