Incident Overview

At approximately 04:42 UTC on November 27, abnormal withdrawal activity was detected in Upbit’s Solana hot wallet, prompting the immediate suspension of all digital asset deposits and withdrawals. Blockchain analysis revealed that unauthorized transfers, involving a diverse set of Solana-based tokens including BONK, JUP, RAY, ME, and others, amounted to approximately 54 billion won ($37 million). Upbit’s internal monitoring systems flagged the irregularity, triggering a series of emergency response protocols.

Exchange Response

Upon identification of the breach, the exchange’s security team moved swiftly to isolate the compromised wallet, freezing approximately 12 billion won worth of tokens related to the Solayer (SOY) incident. Assets were transferred to cold storage to prevent further unauthorized transactions. A full-scale security audit of all digital asset transfer systems has commenced, covering key management processes, transaction approval workflows, on-chain freezing mechanisms, and multi-signature wallet operations.

User Protections and Reimbursement

Upbit’s operator, Dunamu, announced that all user losses resulting from the incident will be fully covered by the exchange’s reserves to protect customer assets. Affected customers have been notified via email and in-app messages. The platform has established a dedicated support channel for users to report additional concerns. Withdrawal functionality will be reinstated in stages once independent security audits verify the bolstered safeguards.

Law Enforcement Collaboration

The company is working in close coordination with South Korean law enforcement, including the National Police Agency’s Cyber Bureau, to trace the stolen funds. On-chain analytics firms have been engaged to track token movements across multi-chain bridges, with the goal of identifying hosting wallets and intermediaries involved in laundering operations. Upbit’s leadership has pledged full cooperation to expedite the investigation and recovery of assets.

Industry Implications

The breach underscores persistent security challenges in decentralized finance and the importance of robust infrastructure for safeguarding digital assets. Industry participants are reminded that hot wallets remain vulnerable points of failure, reinforcing the need for multi-tiered security architectures, continuous monitoring, and cross-institution collaboration to deter and mitigate large-scale thefts.

Looking ahead, Upbit has committed to enhancing its on-chain threat detection capabilities, investing in AI-driven monitoring tools, and strengthening its incident response framework. These measures aim to fortify the exchange’s operations and maintain user trust amid an evolving threat landscape.

While this event represents one of the largest Solana network breaches in recent months, Upbit’s prompt reimbursement guarantee and transparent communication provide a model for crisis management in the crypto industry.