Haciyev Reşit 
South Korea’s largest cryptocurrency exchange, Upbit, announced that it suffered a major hack worth approximately $37 million following large-scale abnormal withdrawal activities on the Solana network. After the incident was detected, the exchange temporarily suspended all deposit and withdrawal services to protect user funds. This development created significant shock across the market, as it represents a serious security breach at one of the biggest crypto platforms in the region.
Solana-Based Tokens Transferred to an Unknown Wallet
According to Upbit, the attack was detected around 04:42 KST (23:42 TSI) when an unusual token movement was observed in the system. Initial investigation revealed that various Solana-based tokens were rapidly withdrawn from the platform and sent to an unidentified external wallet. The fact that the movements targeted a single wallet in a coordinated fashion suggests that the attack was not random but a pre-planned and highly organized operation.
Upbit confirmed that 54 billion KRW (approximately $36 million) worth of assets on the Solana network were stolen. The compromised tokens include several popular assets in the Solana ecosystem such as SOL, BONK, PYTH, ORCA, RAY, JTO, USDC, and many others. The attack impacted more than 20 tokens in total, including 2Z, ACS, DOOD, DRIFT, HUMA, IO, JUP, LAYER, ME, MEW, MOODENG, PENGU, RENDER, SONIC, SOON, TRUMP, and W.
Upbit Moves Assets to Cold Wallets; $8.18 Million Frozen in Initial Response
Upon detecting the breach, Upbit immediately transferred all hot wallet assets to cold wallets as an additional security precaution. The exchange also contacted various projects within the Solana ecosystem to initiate token freeze procedures.
The first successful result came from the freezing of LAYER tokens worth $8.18 million. Upbit continues to coordinate with project teams and regulatory authorities to freeze additional stolen assets and prevent the stolen funds from being moved further.
Upbit: “We Will Not Allow Any User Losses”
In its official statement after the attack, Upbit reiterated that all user funds would be fully protected. The exchange stated that it will compensate all losses using its own reserves, ensuring that customers do not suffer any financial impact. This approach aligns with previous strategies adopted by Korean exchanges when handling security incidents in the past.
Investigation Into the Source of the Attack
Upbit has not yet disclosed technical details regarding how the exploit occurred. The platform stated that it is conducting a comprehensive investigation to determine the exact vulnerability that enabled the attack. Experts note that the focus on Solana may not be a coincidence, as Solana’s high transaction throughput could have been leveraged by attackers. However, whether the breach stemmed from an internal technical flaw or an external malicious compromise will become clearer in the coming days.
Upbit also confirmed that a total of $38.5 million worth of assets were transferred to the unknown wallet on November 27. The exchange has suspended all platform operations until the security renewal process is fully completed. Upbit emphasized that its team is working 24/7 during this period to ensure maximum protection of user funds.
You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.