Upbit Loses $36M in Solana Hot Wallet Exploit
The crypto markets woke up to another multi-million dollar exchange breach, this time at South Korea’s Upbit. The exchange, a major player in the region, reported a loss of approximately $36 million due to a Solana hot wallet exploit, raising familiar questions about exchange security and the risks associated with “hot” storage solutions.

The incident, which unfolded early Thursday, triggered a flurry of activity as Upbit scrambled to contain the damage and reassure its users. The exchange immediately halted deposit and withdrawal services for affected assets, initiating an emergency security review to identify the source of the breach.

According to Upbit’s CEO, Oh Kyung-seok, the exchange detected “irregular withdrawals” from a compromised hot wallet linked to the Solana network around 04:11 UTC on November 27th. The stolen funds, worth roughly 54 billion Korean Won, were traced to an external wallet that the exchange had not designated internally.

The breach affected a variety of Solana-based assets, highlighting the broad reach of the exploit. The affected tokens included:

  • Meme coins like Bonk (BONK), Moodeng (MOODENG), and Official Trump (TRUMP)
  • DeFi tokens such as Sonic SVM (SONIC), Access Protocol (ACS), Jito (JTO), Solana (SOL), and Raydium (RAY)
  • Other tokens like Pudgy Penguin (PENGU) and even Circle’s USD Coin (USDC)

In the wake of the attack, Upbit moved swiftly to mitigate the fallout. The exchange transferred all remaining assets to cold storage, a more secure offline storage solution, to prevent further unauthorized withdrawals. It is also collaborating with relevant projects to freeze the stolen assets on-chain, with some success already reported in freezing a portion of Solayer (LAYER).

CEO Oh Kyung-seok emphasized that Upbit will “fully compensate the entire amount with its own assets so that no impact occurs to members’ assets,” a crucial promise intended to maintain user trust in the platform. Deposit and withdrawal services will resume only after comprehensive security checks are completed.

The timing of this incident is particularly sensitive for Upbit. Its parent company, Dunamu, is currently undergoing a significant corporate transition, with plans to be absorbed into Naver Financial under a $10.3 billion stock-swap agreement. This acquisition would make Upbit a subsidiary of South Korea’s top search portal, Naver. This incident raises questions about security protocols during major corporate changes.

The Upbit hack serves as a stark reminder of the persistent security challenges facing cryptocurrency exchanges. While “hot wallets” offer convenience for frequent transactions, they also represent a significant attack vector for malicious actors. Exchanges must continuously invest in robust security measures and explore innovative solutions to protect user funds in an increasingly sophisticated threat landscape.