On November 27, 2025, Upbit, the leading South Korean cryptocurrency exchange operated by Dunamu, confirmed a security breach involving assets held in a Solana hot wallet.
At approximately 04:42 UTC on November 27, abnormal withdrawals were detected from a wallet address not designated for exchange operations. The unauthorized transfers drained about 54 billion KRW (approx. $36 million) worth of tokens, including BONK, MOODENG, TRUMP, SONIC, ACS, JTO, SOL, RAY and USDC.
Upon identification of the breach, Upbit immediately halted deposit and withdrawal services for the affected assets and initiated an emergency security review of all wallet systems. Remaining funds were relocated to cold storage to prevent further unauthorized access. The exchange is coordinating with project teams to implement on-chain freezes where possible, having already secured a freeze on a portion of Solayer tokens.
Dunamu CEO Oh Kyung-seok issued a public notice stating that Upbit will fully compensate the lost assets from corporate reserves to ensure no user’s balance is impacted. The exchange pledged to complete a thorough systemwide security audit prior to resuming full services and to enhance multi-signature controls and monitoring protocols.
This incident underscores the persistent risks associated with hot-wallet storage of digital assets and highlights the importance of continuous security improvements. Upbit’s commitment to reimburse users in full aims to maintain confidence in its platform amid growing regulatory scrutiny and competitive pressures in the global crypto exchange landscape.
Comments (0)