Crypto Exchange Upbit Reports $36M Solana Wallet Breach

South Korea’s prominent and largest cryptocurrency exchange suffered a security incident on November 27, 2025, involving unauthorized withdrawals that resulted in a loss worth approximately 54 billion KRW ($36 million) in Solana-based assets. The South Korean exchange operated by fintech company Dunamu immediately suspended its Solana network deposit and withdrawal services after spotting an abnormal transaction linked to the Solana hot wallet until the necessary inspection protocols are followed. 

Upbit detected suspicious activity in its Solana hot wallet early Thursday and issued a notice announcing the suspension of deposit/withdrawal services. The latest reports suggest that the security breach affected over 20 different tokens, including SOL, USDC, ORCA, and PYTH. Upbit has officially confirmed that many tokens have been transferred to an unknown external wallet. The exchange authorities have described the event as “abnormal withdrawal activity,” and they believe the breach could be a targeted move as the hack occurred just days before the sixth anniversary of Upbit’s large-scale breach in 2019, which resulted in losing 342,000 ETH.

Oh Kyung-seok, CEO of Dunamu, the parent company of Upbit, stated that they deeply apologized for any inconvenience caused to their members due to the urgent digital asset deposit/withdrawal service inspection and the abnormal withdrawal situation today. He explained that Upbit had immediately suspended the services and conducted a comprehensive inspection, prioritizing the protection of member assets. 

Although officially confirmed, the fintech company hasn’t yet disclosed the exact nature of the reported hack. Expert analysts suggest the incident was likely triggered by a compromise in Upbit’s wallet infrastructure rather than a flaw in the Solana protocol. The exact details of affected assets are available now; according to the latest data, Decentralized Finance tokens like Sonic SVM (SONIC), Access Protocol (ACS), Jito (JTO), Solana (SOL), and Raydium (RAY), meme coins like Bonk (BONK), Moodeng (MOODENG), and Official Trump (TRUMP), were affected. The crypto tokens like Pudgy Penguin (PENGU) and Circle’s USDC were also exposed.  Digital assets like 2Z, DOOD, DRIFT, HUMA, IO, JUP, LAYER, ME, MEW, PYTH, RAY, RENDER, SOON, and W are the other ones that were affected in the Upbit security breach.      

All assets moved to a cold wallet as Upbit assures members of safety and compensation

Kyung-seok added that they had identified the extent of the digital asset outflow caused by the abnormal withdrawals and would cover the entire amount with Upbit assets to ensure no damage to members’ assets. He also mentioned that they would inform members of Upbit’s progress following the occurrence of this abnormal withdrawal activity.

Upbit has already initiated safety measures to protect members’ assets. According to their official notice, Upbit has transferred all assets to a secure cold wallet to prevent further abnormal activities. They are now attempting a freeze on-chain and preparing to cooperate with investigative authorities. The exchange has ensured that they will conduct a comprehensive review of the stability and security of their entire digital asset deposit/withdrawal system. They have also assured that the entire amount would be covered by Upbit’s holdings and vowed to reimburse all affected users.

He concluded the notice by urging that if anyone had any verifiable or suspicious information regarding the abnormal withdrawal activity, they should report it to Customer Service. He sincerely apologized for any inconvenience caused by this unusual withdrawal situation and emphasized that Upbit prioritized its assets and would do its best to provide a safer service based on a strengthened security system.   

Also Read: SpaceX Moves $105M in Bitcoin – Analysts See Consolidation, Not Sell-Off