Upbit Confirms $38 Million Solana Asset Drain, Instantly Halts Withdrawals

Upbit reported a security breach on the Solana network, resulting in the unauthorized withdrawal of approximately $38 million in various Solana-based assets.

By Julia Sakovich

The South Korean digital asset market was placed under scrutiny after Upbit, the nation’s largest crypto exchange, confirmed a major security incident resulting in the loss of roughly $38 million in Solana-based tokens.

The unauthorized activity was detected at approximately 4:42 a.m. KST on November 27, when a variety of assets, including SOL, USDC, BONK, and TRUMP, were moved from the exchange’s hot wallet to an external, unauthorized address.

Operational Response and Financial Impact

Upon identifying the “abnormal withdrawal,” Dunamu CEO Oh Kyung-seok reported that the exchange immediately suspended all deposit and withdrawal functions to contain the outflow. This swift operational halt enabled the exchange to prevent additional losses. To secure remaining client holdings, Upbit transferred all unaffected digital assets into cold storage.

Following an internal system review confirming the scale of the drain, Upbit announced it would absorb the entire financial impact of the $38 million loss using its own corporate reserves. This commitment is intended to ensure that no user funds are compromised.

The exchange has already frozen approximately $8.20 million in stolen tokens through active on-chain monitoring. It is now collaborating with partner projects to track and block the remaining assets as investigators trace their movements across the network.

Regulatory and Institutional Context

The security lapse is expected to draw attention from South Korean law enforcement and financial regulators. Upbit has committed to supplying all necessary data to support an official investigation into the incident, which parallels a major attack the exchange suffered on the same date in 2019. That earlier breach involved the theft of 342,000 ETH, which authorities later attributed to North Korean state-sponsored actors. The historical parallel introduces heightened scrutiny regarding the current attack’s sophistication and origin.

The incident is also unfolding during a significant period for Upbit’s parent company, Dunamu. Reports indicate that Naver, a leading South Korean internet conglomerate, is actively pursuing a multibillion-dollar stock-swap merger to acquire Dunamu.

The security breach adds a layer of operational risk assessment to these corporate merger discussions, potentially influencing the stakeholder calculus regarding Upbit’s stability and its long-term objective of a potential Nasdaq listing. Upbit has initiated a comprehensive, system-wide audit of all deposit and withdrawal infrastructure, extending beyond the affected Solana components, and plans to gradually reopen services only after full stability is confirmed.
