Upbit’s $36M Solana Hot Wallet Breached Amid $10B Naver Acquisition: Exchange Freezes Withdrawals, Vows Full Reimbursement
Introduction
South Korea’s largest cryptocurrency exchange, Upbit, temporarily suspended deposits and withdrawals on Thursday, November 27, 2025, after detecting approximately $36 million in unauthorized outflows from a Solana-network hot wallet. The breach occurred around 4:42 am local time (7:42 pm UTC), prompting an immediate security review and platform-wide transfer freeze. While the incident raised concerns about exchange security, Upbit confirmed that customer funds would be fully reimbursed and emphasized that cold-wallet reserves remained untouched. The timing of the breach is particularly significant, as it coincides with parent company Dunamu’s landmark $10.3 billion acquisition deal with South Korean tech giant Naver. This event has drawn comparisons to Upbit’s 2019 security breach, which involved nearly $50 million in losses attributed to the North Korean hacking group Lazarus.
The Breach: Timeline and Immediate Response
Upbit first identified suspicious transfers from its Solana hot wallet in the early hours of November 27, 2025. The exchange acted swiftly, halting deposit and withdrawal services across all supported cryptocurrencies—not just Solana-based assets—and initiating a comprehensive security audit. According to the announcement, the breach was confined to the hot wallet, with no impact on cold storage reserves. Upbit moved its remaining hot wallet assets into cold storage and attempted on-chain freezing measures to mitigate further losses.
The exchange’s transparent communication stood out: it assured users that trading would continue uninterrupted, allowing buy and sell orders within the platform, while pausing external transfers. This approach mirrors industry best practices, balancing operational continuity with security precautions during crises.
Historical Context: Upbit’s 2019 Breach and Lessons Learned
This is not Upbit’s first encounter with a significant security breach. In 2019, the exchange lost nearly $50 million in an attack orchestrated by Lazarus, a North Korean state-sponsored hacking group. That incident exposed vulnerabilities in Upbit’s infrastructure and prompted a sweeping overhaul of its security protocols.
Comparing the two events reveals key differences. The 2019 breach involved a broader compromise, whereas the 2025 incident was isolated to a Solana hot wallet. Additionally, Upbit’s response this time included pre-emptive measures such as on-chain freezing and immediate public disclosure—a marked improvement from its earlier handling of security issues. The recurrence of breaches at a major exchange like Upbit underscores the persistent challenges crypto platforms face in safeguarding digital assets, even as security technology evolves.
User Protection and Reimbursement Pledge
A critical aspect of Upbit’s response was its commitment to reimbursing affected users. The exchange explicitly stated that all losses resulting from the breach would be covered by its reserves, ensuring no customer would bear financial harm. While Upbit did not specify a timeline for reimbursement, it assured users that no action would be required on their part to recover funds.
This reimbursement strategy aligns with practices adopted by other major exchanges following security incidents. For instance, after the 2014 Mt. Gox collapse, many platforms began emphasizing reserve funds and insurance policies to protect user assets. Upbit’s pledge reinforces its effort to maintain trust, though the absence of a clear reimbursement schedule has left some users seeking further clarity.
Regulatory Scrutiny and On-Site Inspections
Local financial authorities have launched on-site inspections to investigate the breach. These examinations aim to determine the root cause of the incident and assess Upbit’s compliance with South Korea’s strict cryptocurrency regulations. Regulatory oversight has intensified in recent years, particularly after the Terra-Luna collapse in 2022, which prompted lawmakers to enforce stricter reserve and reporting requirements for exchanges.
The involvement of regulators highlights the growing intersection of cybersecurity and compliance in the crypto industry. Exchanges operating in South Korea are required to adhere to guidelines set by the Financial Services Commission (FSC), including periodic audits and real-time transaction monitoring. The outcome of these inspections could influence future regulatory frameworks and security standards for digital asset platforms.
Dunamu’s $10B Naver Acquisition: A Strategic Move Amid Crisis
The breach occurred just one day after Dunamu, Upbit’s parent company, announced a $10.3 billion acquisition deal with Naver Financial, a subsidiary of South Korea’s leading search engine platform, Naver. Under the agreement, Naver will issue 87.5 million new shares to Dunamu shareholders and integrate Dunamu as a wholly owned subsidiary.
The acquisition is part of a broader strategy to expand Dunamu’s global footprint and diversify its business operations. In addition to the merger, Dunamu plans to pursue an initial public offering (IPO) in the United States. The company also aims to invest nearly $7 billion over the next five years in Web3 and artificial intelligence technologies, signaling its long-term commitment to innovation despite short-term setbacks.
Broader Implications for Exchange Security
The Upbit breach highlights ongoing vulnerabilities associated with hot wallets—software-based wallets connected to the internet. While hot wallets offer convenience for frequent transactions, they are inherently more exposed to cyber threats than cold wallets, which store assets offline.
This incident follows a pattern of high-profile exchange breaches, including the 2018 Coincheck hack in Japan, where $530 million in NEM tokens were stolen, and the 2022 KuCoin breach, which resulted in $280 million in losses. Unlike those events, however, Upbit’ breach was contained quickly, and user funds were guaranteed—a sign of maturity in how exchanges now handle security failures.
Conclusion: Navigating Security and Growth in Crypto
The Upbit breach serves as a stark reminder of the persistent security challenges facing cryptocurrency exchanges, even as they scale and innovate. While the incident involved significant losses, Upbit’s transparent response and reimbursement pledge demonstrate progress in crisis management compared to earlier industry failures.
For crypto participants, this event underscores the importance of choosing exchanges with robust security measures and clear user protection policies. It also highlights the need for continuous vigilance as the industry evolves amid regulatory changes and technological advancements.
Moving forward, stakeholders should monitor:
- The results of regulatory inspections into Upbit.
- Dunamu’s integration with Naver and its upcoming U.S. IPO.
- Broader trends in exchange security, including adoption of multi-signature wallets and decentralized custody solutions.
As the crypto landscape matures, balancing innovation with security will remain paramount for institutions and users alike.