Upbit Suffers $37M Solana Hot Wallet Breach on 6th Anniversary Following Lazarus Hack in 2019

South Korea’s leading cryptocurrency platform, Upbit, has confirmed a serious security incident ahead on Thursday. According to reports, the platform’s Solana network hot wallet was drained of in crypto assets. The company immediately paused deposits and withdrawals on all affected assets and transferred the remaining holdings into cold storage while launching a full investigation.

The breach involved transfers of multiple tokens, including Solana (SOL), USD Coin (USDC), memecoins, and a range of Solana ecosystem tokens, to unknown external addresses. In response, Upbit pledged to reimburse all affected users from its own reserves, underlining a commitment to full customer protection.

A Fresh Upbit Breach on a Grim Anniversary

The timing of the latest breach is jarring, considering that it comes almost exactly six years later than the infamous 2019 Upbit hack, when 342,000 ETH (now worth more than $1 billion) was stolen from the platform’s hot wallet in a theft linked to the renowned . The coincidence has not gone unnoticed, prompting renewed scrutiny over how effectively platforms have learned from past security breaches and hardened security over the past years. 

Industry analysts are treating this attack as a stark reminder that hot wallet exposure remains a persistent risk, even for large, well-established platforms. Some governance observers also argue that the recurrence highlights systemic vulnerabilities in wallet security, platform architecture, and internal risk management practices.

Upbit’s operators themselves stressed that only one Solana hot wallet was compromised and pledged swift action. reportedly said that the priority remains user protection and that the platform will absorb all losses, but acknowledged a full forensic audit is necessary to understand the breach’s root cause.

Upbit’s Hack Dampens Investor Confidence and Calls For Caution

In the hours following the breach, reportedly froze Solana asset transfers, paused withdrawals and deposits across the network, and transferred the remaining assets into cold wallets. The platform also said it is working with blockchain analytics firms and token issuers to track and (where possible) freeze compromised funds. 

While these measures sound reassuring, many in the crypto community, including the platform’s users, have largeger questions about the ongoing securety of their funds. Critics warn that even well-capitalized platforms like Upbit can no longer guarantee securety if core wallet infrastructure remains vulnerable, and they are calling for stronger on-chain custody standards and regulatory oversight.

From a regulatory and compliance angle, the incident cast doubts on Upbit’s parent company’s reported talks for a large merger with a major tech firm, and the platform’s . A high-profile breach now risks undermining both public trust and regulatory excellentwill.

For users and institutional stakeholders alike, the takeaway is that they must trust but verify, and treat platform-held crypto as high-risk until robust secureguards are established to prevent continuous breaches.