Upbit Solana hack: South Korea’s leading exchange lost $36.8 million in a North Korea-linked breach on November 27, 2025. Services were suspended, but deposits and withdrawals will resume in phases from December 1, 2025, at 1 PM KST, with full customer protection via reserves.
Upbit detected the hack at 4:42 AM KST, involving unauthorized withdrawals of SOL, USDC, and over 20 Solana assets like BONK and JUP.
Following the breach, Upbit froze $8.18 million in stolen LAYER tokens and shifted assets to cold storage to limit damage.
The Lazarus Group, suspected in the attack, caused over $300 million in crypto losses in 2023, per Immunefi data, highlighting persistent threats.
What is the Upbit Solana Hack?
Upbit Solana hack refers to a major security breach on November 27, 2025, where hackers stole approximately 54 billion Korean won ($36.8 million) worth of Solana-based assets from South Korea’s largest cryptocurrency exchange. The incident involved unauthorized withdrawals of SOL, USDC, and tokens like BONK, JUP, RAY, ORCA, RENDER, PYTH, and TRUMP, detected around 4:42 AM KST. Upbit responded swiftly by suspending all deposits and withdrawals, moving funds to cold storage, and freezing $8.18 million in LAYER tokens, with ongoing efforts to recover more.
How Did the Upbit Hack Unfold and What Are the Suspected Methods?
The Upbit Solana hack occurred shortly after Naver Financial’s announced 15.1 trillion won ($10.3 billion) acquisition of Dunamu, Upbit’s parent company, on November 26, 2025, though no direct link has been established. South Korean authorities suspect the Lazarus Group, a North Korean state-sponsored hacking entity, compromised administrator accounts or impersonated admins to authorize transfers. Blockchain analysis reveals the attackers swapped stolen Solana for USDC and bridged funds to Ethereum, aiming to obscure the trail. According to Immunefi, a blockchain security platform, Lazarus accounted for 17.6% of 2023’s total crypto hack losses, exceeding $300 million across incidents. This breach echoes Upbit’s 2019 hack, where 342,000 ETH was stolen, also attributed to Lazarus by investigators. Upbit’s CEO, Oh Kyung-seok, emphasized transparency, stating the exchange would cover all losses from its reserves to shield customers.
Frequently Asked Questions
What Caused the Upbit Solana Hack and How Much Was Stolen in the November 2025 Incident?
The Upbit Solana hack stemmed from a security breach exploiting Solana network vulnerabilities, leading to unauthorized withdrawals of about $36.8 million in assets including SOL, USDC, and various tokens like BONK and JUP. Detected early on November 27, 2025, the attack prompted immediate service suspension. South Korean officials point to North Korea’s Lazarus Group, known for similar operations, and blockchain traces show the funds being laundered via USDC swaps and Ethereum bridges.
When Will Upbit Restart Deposits and Withdrawals After the Solana Hack?
Upbit plans to resume deposits and withdrawals in phases starting December 1, 2025, at 1 PM KST, beginning with assets like Akash Network’s AKT and Ethereum tokens such as 1INCH, AAVE, and ADT. Users must verify their new deposit addresses, because all assets are being migrated for security. Full restoration timelines depend on per-asset verifications. Trading continued uninterrupted during the suspension, and the Financial Supervisory Service’s inspection is ongoing until December 5, 2025.
Key Takeaways
- Swift Response Mitigates Damage: Upbit immediately suspended deposits and withdrawals, moved assets to cold storage, and froze $8.18 million in stolen LAYER tokens, demonstrating effective crisis management in the Upbit Solana hack.
- Customer Protection Assured: CEO Oh Kyung-seok confirmed full loss coverage from reserves, preventing any user financial impact amid regulatory scrutiny.
- Ongoing Security Enhancements: Phased restarts with address migrations highlight the need for vigilant monitoring; users should update details promptly for seamless access.
Conclusion
The Upbit Solana hack underscores the evolving risks in cryptocurrency exchanges, with the $36.8 million loss tied to suspected Lazarus Group tactics mirroring past incidents. As services resume in phases from December 1, 2025, Upbit’s commitment to covering losses and collaborating with authorities reinforces trust in its operations. Investors should prioritize platforms with robust security, staying updated on developments to navigate the crypto landscape safely and confidently in the coming months.