The Upbit security breach on November 27, 2025, resulted in the theft of over $36 million in Solana-based assets from the exchange’s wallets. Operator Dunamu confirmed the unauthorized transfer was contained quickly, with no impact on user funds as losses will be covered internally.
-
Unauthorized Transfer: At 4:42 a.m., hackers siphoned 54 billion won worth of Solana ecosystem tokens to an external wallet.
-
Quick Response: Upbit halted deposits and withdrawals to secure the platform and launched a full system inspection.
-
Timing Coincidence: The incident occurred amid Naver’s announced acquisition of Dunamu, highlighting vulnerabilities during corporate transitions.
Upbit security breach exposes $36M Solana theft—learn how the exchange responded swiftly to protect users amid Naver merger talks. Stay informed on crypto safety measures today.
What is the Upbit security breach and how did it unfold?
The Upbit security breach refers to a cyberattack on South Korea’s largest cryptocurrency exchange, Upbit, on November 27, 2025, where hackers stole approximately $36.9 million in Solana-based assets from the company’s hot wallets. Detected at 4:42 a.m. local time, the unauthorized withdrawal involved multiple tokens within the Solana ecosystem, prompting an immediate halt to all deposit and withdrawal activities. Operator Dunamu Inc. assured users that the breach was isolated and that member assets remain unaffected, as the full loss will be reimbursed from Upbit’s reserves.
Which Solana tokens were targeted in the Upbit hack?
The breach specifically targeted a diverse array of Solana-affiliated assets, including Double Zero, Access Protocol, Bonk, Doodles, DRIFT, Huma Finance, lonet, Zito, Jupiter, Solaire, Magic Eden, Cat in a Dog World, MOODENG, ORCA, Fudge Penguin, Peace Network, Radium, Render Token, Solana itself, SonicSVM, SOON, Official Trump, USD Coin, and Wormhole. According to Dunamu’s official notice, all these tokens were transferred in a single event to an unknown external wallet address. Cybersecurity firm PeckShieldAlert reported the incident on social media, estimating the total value at around 54 billion won, or roughly $36 million at current exchange rates. This multi-token theft underscores the vulnerability of hot wallets, which are connected to the internet for faster transactions but expose platforms to risks if not adequately secured. Experts from the blockchain security community, such as those at PeckShield, emphasize that such incidents often stem from private key compromises or phishing attempts, though the exact method remains under investigation. Upbit’s engineering team is conducting a thorough audit to identify the entry point, with preliminary findings suggesting the attack was sophisticated and targeted specifically at Solana holdings.
In the immediate aftermath, Dunamu CEO Oh Kyung-seok issued a public statement detailing the timeline. “We detected the abnormal activity before dawn and acted swiftly to contain it,” he stated, highlighting the platform’s monitoring systems that flagged the withdrawal in real-time. The exchange’s response included suspending all trading functionalities related to deposits and withdrawals, a measure aimed at preventing further exploitation. This proactive step aligns with industry best practices recommended by regulatory bodies like South Korea’s Financial Services Commission, which mandates rapid incident reporting and user protection protocols for licensed exchanges.
Upbit’s customer support has been mobilized to handle inquiries, encouraging users to report any suspicious activity observed in their accounts. While no user funds were directly compromised, the incident serves as a stark reminder of the persistent threats in the cryptocurrency space. Historical data from similar breaches, such as the 2019 Upbit hack involving Ethereum, shows that quick containment can minimize long-term damage, but recovery efforts often take weeks.
Frequently Asked Questions
What caused the Upbit security breach on November 27, 2025?
The Upbit security breach was triggered by unauthorized access to the exchange’s hot wallets, leading to the transfer of $36.9 million in Solana-based assets at 4:42 a.m. local time. Dunamu Inc. confirmed the incident involved an external hacker exploiting a vulnerability, though specifics are still under review. The company has assured full coverage of losses to protect users, with no evidence of broader system compromise.
How will the Upbit hack affect users and the Naver merger?
For everyday users, the Upbit hack has minimal direct impact since the stolen assets came from company reserves, not customer holdings, and services were paused only temporarily for security checks. Regarding the Naver merger with Dunamu, announced the same day, executives from both sides proceeded with plans during a press conference, emphasizing enhanced AI-blockchain integration. Naver Chairman Lee Hae-jin stated that the partnership would bolster security through advanced technologies, potentially turning this incident into a catalyst for stronger defenses in the merged entity.
Key Takeaways
- Swift Detection Saves the Day: Upbit’s real-time monitoring identified the breach within minutes, limiting losses and preventing wider damage to the ecosystem.
- User Protection Prioritized: By covering the $36 million loss internally, Dunamu demonstrated commitment to client trust, a critical factor in the volatile crypto market.
- Merger Amid Crisis: The hack coincided with Naver’s acquisition announcement, signaling resilience and opportunities for improved cybersecurity through collaborative AI and Web3 advancements.
Conclusion
The Upbit security breach on November 27, 2025, involving the theft of $36.9 million in Solana assets, highlights ongoing challenges in cryptocurrency exchange security despite robust measures. With Dunamu’s prompt response ensuring no user impact and the platform’s systems now under rigorous review, the incident underscores the need for continuous vigilance in the sector. As Naver’s merger with Dunamu progresses, integrating AI-driven protections could set new standards for Web3 safety. Investors and users are encouraged to enable two-factor authentication and monitor official updates from exchanges to navigate these risks effectively, paving the way for a more secure digital finance future.
#PeckShieldAlert @Official_Upbit has disclosed that its wallets were compromised, leading to an unauthorized transfer of ~54 billion won (~$36M) in Solana-based assets to an external wallet.
— PeckShieldAlert (@PeckShieldAlert) November 27, 2025
