Upbit Hit Again: ₩44.5B Solana Hot-Wallet Hack Slams Korea’s Top Crypto Exchange

Key Takeaways:

• South Korean exchange Upbit has confirmed a hot-wallet breach on the Solana network, with roughly ₩44.5 billion in assets moved to unknown wallets.
• Only Solana-ecosystem assets in Upbit’s hot wallet were affected; cold wallets remain safe and the exchange says it will fully cover all losses from its own reserves.
• The incident echoes Upbit’s 2019 Ethereum hot-wallet hack and raises fresh questions about hot-wallet risk for SOL, USDC and popular Solana tokens held on centralized exchanges.

Upbit, South Korea’s leading crypto exchange, has reported another major security incident, this time on the Solana network. In the early hours of November 27, the platform detected abnormal withdrawals from its Solana hot wallet and immediately halted deposits and withdrawals while it moved remaining assets into cold storage.

Here’s what actually happened, which assets were hit, and why this matters for Solana traders and Korean crypto users.

Read More: Upbit Teases “Giwa”: South Korea’s Largest Exchange Prepares Blockchain Launch

Upbit Confirms Solana Hot-Wallet Breach

Upbit says the incident began around 04:42 KST on November 27, 2025, when its systems flagged unauthorized transfers of Solana-based assets to wallet addresses that were not designated by the exchange.

The exchange later clarified that:

• The abnormal withdrawals came only from a Solana-network hot wallet operated by Upbit.
• Funds held in cold wallets – segregated, offline storage were not compromised.
• The total outflow at the time of detection was estimated at about ₩44.5 billion in Solana-ecosystem assets, revised from an earlier rough estimate of ₩54 billion based on initial prices.

Upbit’s CEO, Oh Kyung-seok of operator Dunamu, issued a formal apology to users, stressing that all customer balances will be fully covered using Upbit’s own assets. According to the statement, no user is expected to take a direct financial hit from the hack.

Exchange Freezes Solana Deposits and Withdrawals

As soon as the suspicious transfers were detected, Upbit moved into full incident-response mode:

• All Solana-network deposits and withdrawals were suspended while security checks began.
• Remaining Solana-based funds were migrated to cold wallets to prevent further leakage.
• The exchange launched emergency reviews of its network, wallet infrastructure and access controls related not just to Solana, but to its broader deposit/withdrawal systems.

Upbit says deposits and withdrawals will gradually resume only after security and stability on each asset and network are fully verified. Trading on the spot market continues, but users cannot currently move Solana-based assets on or off the platform.

Solana Tokens Drained to Dozens of Unknown Wallets

The incident is not limited to SOL itself. Upbit’s notice lists a long roster of Solana-ecosystem tokens that were drained from the affected hot wallet and sent to dozens of unknown addresses.

These include, among others:

• SOL (Solana)
• USDC on Solana
• Popular Solana meme and community tokens such as BONK, PENGU, MEW, MOODENG
• DeFi and infrastructure tokens including RAY (Raydium), PYTH (Pyth Network), RENDER, ORCA, JUP (Jupiter), JTO, SONIC, 2Z, DRIFT, LAYER, ME, TRUMP, HUMA, IO, SOON, W and others

The on-chain trail shows assets being split and funneled into many different Solana wallet addresses, a common tactic used to make tracking and potential recovery more difficult.

Upbit has also:

• Attempted on-chain freezes where possible, coordinating with individual projects.
• Confirmed that approximately ₩2.3 billion worth of Solayer (LAYER) has already been frozen on-chain.
• Stated that it continues to work with relevant projects, blockchain analytics firms and law-enforcement agencies to track and, where possible, restrict the movement of stolen assets.

For now, most of the affected funds sit in external wallets beyond Upbit’s direct control, with investigations ongoing.

Read More: 27M Vanishes in BigONE Hack but That’s Not the Most Shocking Part of the Attack

Six Years After the 2019 Ethereum Hot-Wallet Heist

The timing of the Solana breach has not gone unnoticed in the crypto community. It lands on a grim anniversary for Upbit.

On November 27, 2019, exactly six years earlier, Upbit suffered a major attack on its Ethereum hot wallet, losing 342,000 ETH worth roughly ₩58 billion (around US$50 million at the time). That incident was later linked by investigators to North Korean state-backed hacker groups.

The 2025 incident is different in technical details and affected assets, but some key parallels stand out:

• Both attacks targeted hot wallets, the always-online stores used for processing day-to-day withdrawals.
• In both cases, Upbit suspended deposits and withdrawals immediately after detecting abnormal flows.
• The exchange again promised to use its corporate reserves to fully reimburse all customers.

The post Upbit Hit Again: ₩44.5B Solana Hot-Wallet Hack Slams Korea’s Top Crypto Exchange appeared first on CryptoNinjas.