The Attack Details
Here's a scenario no crypto exchange wants to experience: Your monitoring systems light up at 4:42 AM flagging abnormal activity, and you realize hackers are actively draining tokens from your platform. That's exactly what happened Thursday morning to Upbit, South Korea's largest cryptocurrency exchange operated by Dunamu Inc.
The attackers made off with approximately $37 million worth of Solana (SOL)-based tokens, including SOL itself along with USD Coin, Bonk, Jupiter, Raydium, Render Token, and several memecoins. All of it vanished into unknown external wallets on the Solana network.
Upbit CEO Oh Kyung-seok moved quickly, immediately suspending all Solana deposits and withdrawals. "We immediately identified the extent of the digital asset outflow and will cover the entire amount with Upbit assets to ensure no damage to members' assets," Oh stated in an official notice. The exchange managed to freeze roughly $8.18 million worth of Solayer tokens by coordinating with developers, and it is now working with blockchain security teams and law enforcement to trace the rest.
A Troubling Anniversary
The timing here is genuinely weird. This attack happened almost exactly six years after Upbit's previous major hack on November 27, 2019, when thieves stole 342,000 Ethereum (ETH) from the platform. The stolen ETH was valued at $41.5 million back then and would be worth over $1 billion at today's prices.
South Korean authorities confirmed in November 2024 that the 2019 incident was the work of North Korean hacking groups Lazarus and Andariel. These aren't small-time operators either. Blockchain analysis firm Chainalysis reported that North Korea's Lazarus Group alone stole over $1.3 billion from cryptocurrency projects in 2024.
There's currently no evidence linking the 2025 attack to North Korean actors, but security analysts are noting that the anniversary timing is suspicious enough to warrant serious investigation.
Merger Complicates the Picture
Adding another layer of intrigue: this breach occurred just one day after Dunamu announced major corporate restructuring. On November 26, South Korea's Naver Financial revealed plans to acquire Dunamu through a stock swap merger valued at approximately $10.29 billion.
Was this coincidental timing? Or did attackers deliberately strike while company leadership was focused on merger proceedings? It's a question worth asking, especially given how sophisticated these operations can be.
The Broader Security Problem
Upbit's troubles fit into a disturbing pattern across the crypto industry. The Bybit exchange suffered the largest crypto hack in history back in February 2025, losing $1.4 billion in Ethereum when hackers exploited multi-signature wallet vulnerabilities.
The fundamental issue comes down to hot wallets—digital wallets that remain connected to the internet to facilitate rapid trading. They're necessary for user experience and liquidity, but they also represent inherent vulnerabilities. Security experts have been sounding this alarm for years, but exchanges face a difficult trade-off between security and functionality.
Regulatory Pressure Mounting
This hack couldn't have come at a worse time for Upbit from a regulatory perspective. In November 2024, South Korea's Financial Intelligence Unit identified as many as 600,000 potential Know Your Customer violations at Upbit during a business license renewal review. Those violations could result in fines totaling tens of millions of dollars.
The exchange is also dealing with an antitrust investigation by South Korea's Fair Trade Commission examining potential abuses of market dominance. Getting hacked for $37 million while already under regulatory scrutiny is not exactly ideal optics.
What Happens Now
Upbit hasn't provided a timeline for resuming normal Solana network operations. The exchange stated that services will only resume after ensuring complete platform safety, which seems like the right approach even if customers are impatient.
The good news for Upbit users: all customer funds remain secure, with the exchange absorbing the entire $37 million loss from corporate reserves. That's the kind of customer protection you want to see, though it's obviously preferable not to get hacked in the first place.
Price Action: At press time, Solana was trading at approximately $188, down 2.59% in the last 24 hours. Bitcoin (BTC) and Ethereum showed minor declines, suggesting limited contagion effect on broader cryptocurrency markets.