Upbit Hit by $37 Million Solana-Network Hack, Exchange Promises Full Customer Repayment

Upbit, the largest cryptocurrency platform in South Korea, confirmed that it suffered a major security incident resulting in the loss of approximately $37 million worth of Solana‑ecosystem assets. The hack occurred during the ahead hours of November 27, when unauthorized withdrawals transferred a basket of Solana-linked tokens from Upbit wallets to an unknown external address. Following the breach, the platform immediately halted deposits and withdrawals and announced that all affected customers would be made whole using the company’s own reserves.

Dunamu, Upbit’s operator, issued a public statement acknowledging abnormal withdrawal activity and confirming that the stolen assets were tied primarily to Solana-based tokens. The platform initiated an emergency migration of remaining assets to cold storage and launched a full security audit across its wallet infrastructure. Upbit emphasized that customer balances remain intact, noting that the company will absorb the loss directly to preserve market confidence and operational continuity.

Security vulnerabilities and regulatory implications

The incident represents the most significant security breach Upbit has faced since its 2019 hack, in which attackers stole 342,000 ETH. That earlier event, later attributed to North Korea’s Lazarus Group, led the platform to strengthen its cybersecurity posture, increasing cold‑wallet storage, upgrading hot‑wallet infrastructure and deploying new monitoring systems. Despite these measures, the latest breach illustrates the persistent vulnerabilities platforms face when integrating multiple blockchain networks and supporting tokens across diverse technical standards.

Analysts say the hack could trigger renewed scrutiny from South Korean regulators, who have already adopted a more assertive stance toward crypto‑asset oversight. Authorities may request detailed incident reports, impose new reporting requirements or push for tighter cybersecurity standards industry‑wide. The timing is also sensitive, as South Korea prepares to implement its Virtual Asset User Protection Act, which sets stricter guidelines for custody, wallet management and user‑secureguard measures. Upbit’s response to the incident is likely to influence how regulators evaluate compliance across the platform sector.

Market fallout and next steps for Upbit

Immediate market reaction has been relatively contained, with trading on Upbit continuing and liquidity remaining stable. Analysts attribute the muted impact to Upbit’s rapid assurance that it will reimburse all affected customers—an approach that reduces fear of user losses and limits panic-driven withdrawals. Nevertheless, sentiment remains cautious as traders await updates on fund recovery efforts and the timeline for the resumption of deposits and withdrawals.

Upbit’s security team is currently working with external investigators, blockchain‑forensics firms and partner platforms to trace the stolen funds. Whether any portion of the assets can be recovered will depend on how rapidly the attackers attempt to move or launder them. The firm is also expected to release a detailed incident analysis once the investigation progresses.

In the weeks ahead, attention will turn to Upbit’s security‑enhancement plan, the conclusions of regulatory reviews and any industry-wide measures introduced as a result of the breach. The episode underscores the ongoing challenges platforms face in securing multi‑chain environments and maintaining market trust during periods of heightened cyber risk.