South Korea’s largest crypto exchange, Upbit, experienced a security breach on the Solana network, resulting in unauthorized withdrawals of about $36 million in assets. The platform halted services, shifted funds to cold storage, and committed to fully compensating affected users without impacting their holdings.
-
Upbit detected irregular transfers from a compromised hot-wallet at around 4:42 AM on November 27, 2025.
-
The breach involved Solana-based tokens like BONK, MOODENG, SOL, and USDC, totaling approximately 54 billion KRW.
-
Upbit has frozen some stolen funds through on-chain coordination and plans to resume services after comprehensive security reviews.
Discover details on the Upbit Solana hack: unauthorized withdrawals of $36M in crypto assets prompt swift response and user compensation. Stay informed on crypto security measures today.
What is the Upbit Solana Hack?
The Upbit Solana hack refers to a security incident on November 27, 2025, where South Korea’s leading cryptocurrency exchange, Upbit, suffered unauthorized withdrawals from its Solana network hot wallet, amounting to roughly $36 million in digital assets. The breach was quickly identified, leading to an immediate halt in related services to mitigate further risks. Upbit’s parent company, Dunamu, confirmed the event through a public notice from CEO Oh Kyung-seok, emphasizing no impact on user funds due to full compensation plans.
How Did Upbit Respond to the Security Breach?
Following the detection of irregular transfers at 4:42 AM on November 27, 2025, Upbit initiated an emergency protocol to secure its systems. The exchange moved all remaining Solana assets to cold storage, a secure offline method that prevents unauthorized access, as stated in CEO Oh Kyung-seok’s announcement. Investigators traced the funds, successfully freezing a portion via on-chain coordination with projects like Solayer, where some assets in LAYER were immobilized.
The affected tokens included popular meme coins such as Bonk (BONK) and Moodeng (MOODENG), as well as decentralized finance assets like Sonic SVM (SONIC), Access Protocol (ACS), Jito (JTO), Solana (SOL), Raydium (RAY), Pudgy Penguin (PENGU), Official Trump (TRUMP), and Circle’s USD Coin (USDC). Upbit’s internal assessment pegged the loss at 54 billion Korean Won, equivalent to about $36 million at current exchange rates.
“The scale of the loss caused by the abnormal withdrawals was identified internally immediately upon confirmation,” Oh Kyung-seok noted in the public disclosure. The exchange assured users that it would cover the entire amount using its own reserves, ensuring no deductions from customer balances. Broader deposit and withdrawal functions across networks remain suspended pending a thorough security audit of wallets and related systems.
This response aligns with industry best practices for crypto exchanges facing breaches, drawing from guidelines outlined by regulatory bodies like South Korea’s Financial Services Commission. Experts in blockchain security, such as those from cybersecurity firms monitoring Solana’s ecosystem, highlight that rapid isolation of hot wallets can limit damage, with historical data showing that 70% of attempted freezes in similar incidents recover at least partial funds, according to reports from Chainalysis.
Frequently Asked Questions
What Assets Were Stolen in the Upbit Solana Hack Incident?
In the Upbit Solana hack on November 27, 2025, thieves targeted a variety of Solana-based tokens from the exchange’s hot wallet. Key assets included meme coins like Bonk (BONK), Moodeng (MOODENG), and Official Trump (TRUMP), alongside DeFi tokens such as Sonic SVM (SONIC), Jito (JTO), and Raydium (RAY), plus Solana (SOL) itself, Pudgy Penguin (PENGU), Access Protocol (ACS), and USD Coin (USDC). The total value stolen was approximately 54 billion KRW, or $36 million, with Upbit committing to full user reimbursement.
Will the Upbit Security Breach Affect My Crypto Deposits and Withdrawals?
If you’re a Upbit user, your deposits and withdrawals for Solana network assets are temporarily paused as of November 27, 2025, to allow for a complete security review following the breach. Other networks remain operational where possible, but full resumption across all services will occur only after verifying system integrity. Upbit guarantees no losses to your personal holdings, covering the incident entirely from its reserves to maintain trust and stability.
Key Takeaways
- Rapid Detection Saves Assets: Upbit’s quick identification of the breach at 4:42 AM limited the incident to $36 million, showcasing the importance of real-time monitoring in crypto security.
- Cold Storage as Defense: Shifting funds to offline cold wallets prevented further unauthorized access, a standard practice that experts recommend for exchanges handling high volumes like Upbit’s daily $2 billion in trades.
- User Compensation Priority: By pledging full reimbursement without impacting customer funds, Upbit reinforces investor confidence amid rising Solana ecosystem hacks, urging users to enable two-factor authentication for added protection.
Conclusion
The Upbit Solana hack underscores the persistent vulnerabilities in cryptocurrency exchanges, even for industry leaders like South Korea’s largest platform, as it grapples with a $36 million loss from compromised hot-wallet transfers on November 27, 2025. With CEO Oh Kyung-seok’s transparent response and commitments to cold storage migration and full compensation, Upbit demonstrates resilience in addressing security breaches. As the crypto sector evolves, staying vigilant against Solana network risks will be crucial—monitor official announcements from Dunamu for updates and consider diversifying holdings across secure platforms to safeguard your investments.
