Upbit Suspends Deposits After $36M Solana Wallet Outflow Amid Dunamu’s Naver Acquisition

• Upbit identified suspicious transfers at 4:42 a.m. local time, immediately halting all transfers for a security audit.

• The breach affected only the hot wallet on the Solana network, leaving other assets and cold storage untouched.

• Upbit will cover all losses, ensuring no user funds are permanently lost, amid ongoing regulatory inspections.

Discover the details of the Upbit security breach involving a $36M Solana wallet outflow. Learn how the exchange is responding and its ties to Dunamu’s $10B Naver acquisition. Stay informed on crypto safety measures today.

What is the Upbit Security Breach?

The Upbit security breach refers to an unauthorized outflow of approximately $36 million from the exchange’s Solana-network hot wallet, detected on November 27, 2025. South Korea’s leading cryptocurrency platform, Upbit, promptly suspended deposits and withdrawals across all assets to conduct a thorough security review. The incident highlights ongoing vulnerabilities in hot wallet management, though the exchange confirmed that customer funds remain protected through full reimbursement from internal reserves.

How Did the Upbit Breach Unfold on the Solana Network?

The breach began around 4:42 a.m. local time (7:42 p.m. UTC) when Upbit’s monitoring systems flagged abnormal transfers from its Solana hot wallet to an unknown address. According to the exchange’s announcement, the suspicious activity involved about $36 million in assets, prompting an immediate shutdown of transfer services. Upbit isolated the affected wallet, moved remaining hot wallet funds to cold storage for enhanced security, and initiated on-chain freezing efforts to recover the outflow.

This event echoes past incidents, such as Upbit’s 2019 hack where nearly $50 million was stolen by the North Korean-linked Lazarus group, as reported in cybersecurity analyses from that period. Local financial authorities in South Korea launched on-site inspections shortly after, aiming to trace the breach’s origins and assess broader platform risks. Upbit emphasized that trading operations continued uninterrupted, allowing users to buy and sell within the exchange, while transfers remained paused pending the audit’s completion.

Reports from South Korean media outlets indicate the outflow was limited to Solana-based assets, with no evidence of compromise in other cryptocurrencies or cold storage systems. The exchange’s rapid response minimized potential damage, but it underscores the persistent threats posed by hot wallets, which are connected to the internet for faster transactions but carry higher exposure risks. Cybersecurity experts, including those cited in industry reviews by firms like Chainalysis, note that such incidents often stem from private key exposures or phishing attempts, though Upbit has not yet disclosed the exact cause.

Frequently Asked Questions

What Caused the Upbit Security Breach in 2025?

The Upbit security breach stemmed from unauthorized transfers detected in a Solana hot wallet, totaling around $36 million, on November 27, 2025. While the precise entry method remains under investigation, it appears isolated to hot storage systems. South Korean regulators are conducting inspections to determine if it involved external hacking or internal vulnerabilities, ensuring a full forensic analysis.

Will Upbit Users Recover Funds from the Solana Wallet Outflow?

Yes, Upbit has committed to fully reimbursing all affected user funds from its own reserves, with no action required from customers. The exchange assures that the breach’s impact is contained, and balances will be restored once the security review concludes. This measure protects users while the platform collaborates with authorities for a transparent resolution.

Key Takeaways

• Isolated Incident: The breach affected only Upbit’s Solana hot wallet, leaving cold storage and other assets secure, demonstrating effective compartmentalization in wallet management.
• User Protection Priority: Upbit plans to cover the $36 million loss entirely, reinforcing trust by ensuring no customer funds are at risk during the audit.
• Regulatory Scrutiny: South Korean authorities are performing on-site checks, which could lead to enhanced crypto exchange security standards industry-wide.

Conclusion

The Upbit security breach on the Solana network serves as a stark reminder of the challenges in securing hot wallets amid the cryptocurrency sector’s rapid growth. As Dunamu, Upbit’s parent company, advances its $10 billion acquisition by Naver and prepares for a U.S. initial public offering, this incident places renewed focus on robust security protocols. Investors and users should monitor ongoing developments from financial regulators, while exchanges continue to fortify defenses against evolving threats—staying vigilant will be key to the sustainable expansion of digital assets.

Upbit’s Response and User Reimbursement Plans

Following the detection of the unauthorized outflow, Upbit implemented a platform-wide freeze on deposits and withdrawals to prevent further risks. This precautionary step, which extends beyond Solana assets, will persist until the security audit verifies the integrity of all systems. Trading functionality remains active, enabling users to manage positions internally without interruption.

Upbit has publicly stated that it will bear the full cost of the $36 million loss, drawing from its substantial reserves to restore any impacted balances. No user intervention is needed for recovery, though the exchange urges patience as it coordinates with South Korean financial authorities. These inspections, initiated promptly after the incident, aim to uncover the breach’s root cause and ensure compliance with national crypto regulations.

The lack of a specified timeline for lifting the freeze reflects the thoroughness of the investigation, but Upbit’s track record in handling past events, including the 2019 breach, suggests a commitment to resolution. Industry observers, drawing from reports by organizations like the Financial Services Commission of South Korea, highlight that such audits often lead to improved safeguards, benefiting the broader ecosystem.

Dunamu’s Global Expansion Amid the Security Incident

The timing of the Upbit security breach coincides with significant corporate developments for its operator, Dunamu. On November 26, 2025, Dunamu announced a landmark $10.3 billion acquisition by Naver Financial, South Korea’s prominent search and fintech powerhouse. This stock-swap transaction, valued at 15.1 trillion won, involves Naver issuing 87.5 million new shares to Dunamu shareholders, positioning Dunamu as a wholly owned subsidiary.

Beyond the acquisition, Dunamu outlined plans for an initial public offering on U.S. exchanges post-merger, signaling ambitions to tap into global capital markets. The deal also encompasses a joint investment of nearly $7 billion over the next five years, focused on building ecosystems for Web3 technologies and artificial intelligence. These initiatives aim to integrate blockchain innovations with everyday digital services, potentially expanding Upbit’s reach internationally.

Despite the breach’s shadow, Dunamu’s strategic moves underscore resilience in the crypto industry. Financial analysts, as noted in filings with the Korea Exchange, view the Naver partnership as a stabilizing force, combining Upbit’s trading expertise with Naver’s technological infrastructure. This alliance could accelerate advancements in secure, user-friendly crypto platforms, even as the current incident prompts a reevaluation of risk management practices.

🚨 ALERT: Upbit suspends deposits and withdrawals after $38.5M abnormal outflow on Solana network, reporting the assets were transferred to unknown wallet on Nov 27.

Upbit confirms it will cover all losses. pic.twitter.com/28Eu61s1Tf

— Cointelegraph (November 27, 2025)

Related: South Korea stablecoin framework stalls as regulators split over banks’ role

Magazine: 2026 is the year of pragmatic privacy in crypto: Canton, Zcash and more