South Korea’s largest cryptocurrency exchange is reviewing activity after a series of unauthorized transfers
Upbit, South Korea’s largest cryptocurrency exchange, temporarily halted all deposits and withdrawals this week after detecting roughly $36 million in unauthorized transfers from one of its Solana-network hot wallets. The suspicious activity was flagged earlier today, prompting the exchange to immediately freeze movement of funds and launch a full security review across all supported assets.
The company said the breach affected only its hot wallet, while cold-storage reserves remained secure. As a precaution, Upbit transferred remaining assets into cold wallets and attempted onchain freezes to prevent further losses. Trading on the exchange is still active, but users cannot move crypto in or out until the investigation is complete.
The incident has placed new pressure on Upbit’s parent company, Dunamu, which just announced a $10.3 billion acquisition deal with tech giant Naver. It also resurfaced concerns from Upbit’s 2019 breach, when hackers linked to North Korea’s Lazarus Group stole nearly $50 million from the exchange.
Upbit assured customers that all affected balances will be fully reimbursed from company reserves. No customer action is required to recover funds, though the exchange said users should remain patient while it completes a platform-wide audit and works with regulators. A specific timeline for reopening deposits and withdrawals has not been provided.
Financial authorities in South Korea have already begun on-site inspections to determine how the breach occurred. Security experts noted that exchanges remain major targets for hackers due to the large amounts of crypto stored on centralized platforms. Recent industry reports show billions lost to hacks and exploits so far in 2025, underscoring the growing risks.
The security incident comes at a critical time for Dunamu, which is planning a US IPO and a multibillion-dollar investment push into Web3 and AI alongside Naver.
