South Korea's Upbit Exchange Loses $37 Million In Solana Network Hack, Pledges Full Customer Reimbursement

Upbit, South Korea’s largest cryptocurrency exchange operated by Dunamu Inc., confirmed Thursday that hackers stole approximately $37 million worth of Solana (CRYPTO: SOL) based tokens in an early morning security breach. The incident marks the second major hack for the platform, occurring almost exactly six years after its devastating 2019 attack.

What Happened

The unauthorized withdrawals were detected at 4:42 AM KST on November 27, 2025, when monitoring systems flagged abnormal outflow activity on the Solana network. Multiple tokens including SOL, USD Coin, Bonk, Jupiter, Raydium, Render Token, and several memecoins were transferred to unknown external wallets.

Oh Kyung-seok, CEO of Dunamu, immediately suspended all Solana deposits and withdrawals. “We immediately identified the extent of the digital asset outflow and will cover the entire amount with Upbit assets to ensure no damage to members’ assets,” Oh stated in an official notice.

The exchange has frozen approximately $8.18 million worth of Solaire tokens through coordination with developers and is working with blockchain security teams and law enforcement to trace remaining stolen funds.

The Anniversary Connection

The timing carries significance. This attack occurred almost exactly six years after Upbit’s previous major incident on November 27, 2019, when hackers stole 342,000 Ethereum (CRYPTO: ETH) from the exchange. That breach, valued at $41.5 million at the time, would be worth over $1 billion today.

South Korean authorities confirmed in November 2024 that the 2019 attack was orchestrated by North Korean hacking groups Lazarus and Andariel. Blockchain analysis firm Chainalysis reported that North Korea’s Lazarus Group stole over $1.3 billion from cryptocurrency projects in 2024 alone.

While no evidence currently links the November 27, 2025 attack to North Korean actors, security analysts note the anniversary timing warrants investigation.

Merger Timing Raises Questions

The breach occurred just one day after Dunamu announced a corporate restructuring. On November 26, 2025, South Korea’s Naver Financial revealed plans to acquire Dunamu through a stock swap merger valued at approximately $10.29 billion. The timing raises questions about whether attackers chose this moment while company leadership focused on merger proceedings.

Industry Security Concerns

This incident adds to growing concerns about cryptocurrency exchange security. The Bybit exchange suffered the largest crypto hack in history in February 2025, losing $1.4 billion in Ethereum when hackers exploited multi signature wallet vulnerabilities.

Upbit’s breach highlights ongoing security challenges with hot wallets, which remain connected to the internet to facilitate rapid trading. Security experts emphasize that hot wallets represent inherent vulnerabilities, though they’re necessary for user experience and liquidity.

Regulatory Scrutiny

The hack comes amid heightened regulatory pressure. In November 2024, South Korea’s Financial Intelligence Unit identified as many as 600,000 potential Know Your Customer violations at Upbit during a business license renewal review. These violations could result in fines potentially totaling tens of millions of dollars.

Upbit also faces an antitrust investigation by South Korea’s Fair Trade Commission examining potential abuses of market dominance.

What’s Next

Upbit has not provided a timeline for resuming normal Solana network operations. The exchange stated that services will only resume after ensuring complete platform safety. All customer funds remain secure, with the exchange absorbing the entire $37 million loss from corporate reserves.

Price Action: At press time, Solana was trading at approximately $188, down 2.59% in the last 24 hours. Bitcoin (CRYPTO: BTC) and Ethereum showed minor declines, suggesting limited contagion effect on broader cryptocurrency markets.

Benzinga Disclaimer: This article is from an unpaid external contributor. It does not represent Benzinga’s reporting and has not been edited for content or accuracy.