32 Million Upbit Hack: Token Solana to Stars on the Korean Market!
Upbit suspends deposits and withdrawals after a hacker attack that embezzled 32 million in Solana tokens, causing heavy premiums in the Korean market.
South Korean cryptocurrency markets were rocked by a dramatic and unexpected event. The Upbit exchange, the country's leading exchange by trading volume, suspended deposits and withdrawals of digital assets on 27 November, following a hacking attack that stole some 44.5 billion won ($32 million) in tokens based on the Solana network.
Upbit's Theft and Immediate Response
The breach occurred at around 4:42am local time, involving 24 Solana-based assets, including SOL, JUP, ORCA and BONK, which were transferred without authorisation from an operational hot wallet to undesignated external wallets. Upbit immediately confirmed that the reserves held in its cold wallets were not compromised and promptly moved all remaining assets into safe custody.
In a statement to reassure customers, the CEO of Upbit, Oh Kyung-seok, pledged to cover the entire loss using the platform's reserves. Upbit's operator, Dunamu, also revised downwards its initial damage estimate from 54 billion won after a recalculation of prices.
In addition, the exchange acted by freezing about 2.3 billion won in Solayer on-chain, working with authorities and project teams to track the remaining funds, most of which remain unrecovered.
Hyperbolic Premiums on the Local Market
Despite the alert and suspension of services, the local market reacted abnormally. By mid-afternoon South Korean time, Solana-based tokens were trading on Upbit with double-digit gains.
CryptoQuant CEO Ki Young Ju said noted that Korean traders started to drive up prices as arbitrage bots, which normally align Korean and international prices, stopped working.
Upbit got hacked and paused withdrawals, but Koreans are pumping alts since arbitrage bots are no longer running. pic.twitter.com/Y1AnRDqrgz
This interruption created an immediate disconnect, highlighting how much Korean retail relies on Upbit. Disparities spiked: ORCA traded at a 95.6% premium to global prices. Similarly, Meteora traded at an 82% premium and Raydium at a 46% premium, driven by local buying pressure alone.
Review and lack of timing
Upbit initiated a comprehensive security review of the entire deposit and withdrawal system before services resumed. The exchange emphasised that the breach only affected the hot wallet for operational liquidity. However, no technical details on the cause of the breach were disclosed.
The exchange, which operates under the Korean regulatory framework, will resume deposit and withdrawal services sequentially as soon as security reviews confirm its stability.
However, Upbit did not provide a specific timeline for the completion of the audit or the restoration of normal operations. The $32 million loss ranks among the largest breaches in 2025, but is a far cry from the largest historical exploits.
Eleven Drainer, a new phishing-as-a-service, is expanding its business. Despite the sophistication of the attacks, human error remains the main weakness. The defence lies in user discipline.
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.
South Korean cryptocurrency markets were rocked by a dramatic and unexpected event. The Upbit exchange, the country's leading exchange by trading volume, suspended deposits and withdrawals of digital assets on 27 November, following a hacking attack that stole some 44.5 billion won ($32 million) in tokens based on the Solana network.
Upbit's Theft and Immediate Response
The breach occurred at around 4:42am local time, involving 24 Solana-based assets, including SOL, JUP, ORCA and BONK, which were transferred without authorisation from an operational hot wallet to undesignated external wallets. Upbit immediately confirmed that the reserves held in its cold wallets were not compromised and promptly moved all remaining assets into safe custody.
In a statement to reassure customers, the CEO of Upbit, Oh Kyung-seok, pledged to cover the entire loss using the platform's reserves. Upbit's operator, Dunamu, also revised downwards its initial damage estimate from 54 billion won after a recalculation of prices.
In addition, the exchange acted by freezing about 2.3 billion won in Solayer on-chain, working with authorities and project teams to track the remaining funds, most of which remain unrecovered.
Hyperbolic Premiums on the Local Market
Despite the alert and suspension of services, the local market reacted abnormally. By mid-afternoon South Korean time, Solana-based tokens were trading on Upbit with double-digit gains.
CryptoQuant CEO Ki Young Ju said noted that Korean traders started to drive up prices as arbitrage bots, which normally align Korean and international prices, stopped working.
This interruption created an immediate disconnect, highlighting how much Korean retail relies on Upbit. Disparities spiked: ORCA traded at a 95.6% premium to global prices. Similarly, Meteora traded at an 82% premium and Raydium at a 46% premium, driven by local buying pressure alone.
Review and lack of timing
Upbit initiated a comprehensive security review of the entire deposit and withdrawal system before services resumed. The exchange emphasised that the breach only affected the hot wallet for operational liquidity. However, no technical details on the cause of the breach were disclosed.
The exchange, which operates under the Korean regulatory framework, will resume deposit and withdrawal services sequentially as soon as security reviews confirm its stability.
However, Upbit did not provide a specific timeline for the completion of the audit or the restoration of normal operations. The $32 million loss ranks among the largest breaches in 2025, but is a far cry from the largest historical exploits.
Read Next
UK crypto heist: convictions and self-custody risk
A heist of more than 4.3 million in cryptocurrencies in the UK calls into question the security of self-custody and the risks of the human factor.
Crypto Clash: Beijing Blames US for LuBian's 127,000 BTC Bitcoin Exploit
China accuses Washington of 'draining' 127,000 BTC from LuBian in 2020. Researchers link the exploit to a flaw in key generation.
New Eleven Drainer attack: threat to crypto wallets
Eleven Drainer, a new phishing-as-a-service, is expanding its business. Despite the sophistication of the attacks, human error remains the main weakness. The defence lies in user discipline.
Evolved North Korean Hackers: New Danger Level for the Crypto Sector
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.