South Korea’s largest crypto exchange, Upbit, has suspended deposits and withdrawals after detecting abnormal withdrawals tied to Solana network tokens early Thursday, Nov. 27. The company said roughly ₩54 billion (about $36–$37 million) was transferred to unauthorized wallets, and pledged to cover the loss in full while law enforcement and partners work to trace and freeze the funds.
The pause came as Upbit moved remaining assets to safety and kicked off an emergency review of Solana-linked wallets. The exchange emphasized that customer balances will not be affected, a message echoed across multiple reports as the story developed through the day.
The timeline at a glance
- ~04:40 a.m. KST (Nov 27): Upbit detects irregular outflows involving Solana-based tokens and flags “abnormal withdrawal activity.”
- Shortly after: Deposits and withdrawals are suspended, while Upbit routes funds to cold storage and coordinates with counterparties to freeze assets connected to the breach (local reports reference about ₩12 billion already frozen).
- Morning in Seoul: Exchanges, data providers and media tally the approximate loss at $36–$38.5 million, depending on token prices at the time of transfer.
- Company message: Upbit’s operator, Dunamu, apologizes and assures users it will absorb the loss and restore normal services after security checks and regulator notifications.
What was hit — and what wasn’t
All indications so far point to a hot-wallet compromise on the Solana network rather than a broad, multi-chain failure. That matters: exchanges hold small operational balances in hot wallets for speed, while the majority of funds typically sit in cold storage with stronger controls. Upbit’s rapid move to suspend flows is consistent with standard incident containment for centralized venues.
While several outlets catalogued which Solana-ecosystem tokens were swept up, the core fact is unchanged: about $37 million in Solana-linked assets left Upbit’s control and are now being tracked on-chain. The exchange says users won’t bear losses, a crucial assurance in a market still wary of counterparty risk.
Why this incident lands with extra weight
The breach arrived the same day Naver Financial announced a 10.27-billion-dollar deal to acquire Dunamu (Upbit’s operator) — a blockbuster move in Korea’s digital-asset landscape. Reuters noted that Naver’s shares initially popped on the deal but later slipped on news of the abnormal withdrawal, underscoring how operational security is priced in by mainstream investors. Upbit, for its part, reiterated it would cover the loss using its own funds.
It’s also impossible to ignore the history: Upbit previously suffered a major theft in 2019 (342,000 ETH), an episode that shows how exchange security must constantly evolve. The Carnegie Endowment’s financial-cyber timeline catalogs that earlier case among notable incidents in the sector.
Why users care (even if your funds are safe)
Even when an exchange promises to “make whole,” a hack can still disrupt access, delay withdrawals/deposits, and widen spreads in the short run. That’s particularly relevant for active traders or anyone who needs to exchange cryptoquickly during volatile windows. If you rely on centralized venues for daily exchange BTC or Solana-ecosystem swaps, now’s a good time to bookmark status pages, enable MFA, and consider segregating trading and long-term holdings. (Those aren’t Upbit-specific tips; they’re industry best practices.)
The wider signal for crypto-exchange security
Incidents like this reinforce three hard truths for centralized platforms:
- Hot wallets are a convenience risk. They enable fast customer service but create a standing target. The mitigation is minimizing hot balances, strict key ceremony, and alerting that triggers automatic freezes at the first sign of anomaly.
- Speed of response matters. Upbit’s quick suspension and cold-storage sweeps are textbook containment — the faster the lock-down, the smaller the blast radius and the greater the chance of freezing funds upstream.
- Reputation now extends beyond crypto. With large traditional-finance deals like Naver–Dunamu in play, exchange security lapses can ripple into equity markets and executive agendas.
Market impact: Solana price and liquidity
As is often the case, early reports focused less on immediate Solana (SOL) price action and more on operational continuity at the venue. The most material near-term market effects are likely to be withdrawal/transfer delays and temporary liquidity dislocations in the specific tokens affected, rather than a broad Solana-protocol shock — again, because the incident appears to be wallet-level at a centralized exchange.
The Conclusion
We’ll update this story as exchanges, investigators, and Upbit publish more detail. For now, the key facts are clear: $37 million stolen, users to be made whole, and another reminder that in crypto, operational security is part of the product, not a back-office afterthought.