Exchange Responds to Security Breach with Phased Service Restoration
Upbit has announced the scheduled resumption of digital asset deposits and withdrawals on December 1 at 1:00 PM KST. This follows a significant security breach on November 27, which resulted in the theft of Solana-based tokens from the exchange's hot wallets. Hackers reportedly stole approximately 44.5 billion KRW, valued between $30 million and $36 million USD, targeting assets including Solana (SOL), USDC, and Bonk (BONK). This incident differs from the exchange's previous Ethereum-focused attack in 2019, and intelligence suggests North Korea’s Lazarus Group may be responsible for the breach.
Dear Traders,
To apply the Tick Size Adjustment for the SGD Market and improve trading experience, we will conduct scheduled server maintenance.
Schedule
• 19:00 Dec 1, 2025 ~ (approximately 1 hour), Singapore Time
• The maintenance duration may vary depending on system… pic.twitter.com/piOxMoq3KD— Upbit Global (@upbitglobal) November 30, 2025
In response to the hack, Upbit immediately halted all transfers. To address vulnerabilities and reinforce wallet security, the exchange has deleted all old deposit addresses and now requires users to generate new ones for each asset. Users are advised to create fresh addresses and remove any previously saved Upbit addresses from their personal wallets or other platforms to prevent potential delays or loss of funds. Deposits made during the suspension period will be processed upon service resumption, although some delays may occur.
Enhanced Security Measures and Phased Service Rollout
Upbit emphasizes that using outdated deposit addresses risks processing issues. The exchange is implementing a phased rollout of services for networks that have successfully passed wallet checks and security reviews. Staking and NFT deposits on these networks will follow after comprehensive stability tests. Deposits made to outdated addresses during this upgrade period may experience delays.
Commitment to Full User Compensation and Asset Recovery
Upbit has pledged to cover 100% of user losses from its corporate reserves. In parallel, the exchange is collaborating with token foundations to freeze approximately $8.18 million in stolen assets, including LAYER, which represents about 22% of the total stolen amount and is now rendered unusable by the thieves. Users may observe price fluctuations due to the service downtime, and certain assets, such as airdrops or delisted tokens, might be restricted to withdrawal-only access. Existing suspensions on other services will remain in effect until they are resolved.
As South Korea's leading exchange by trading volume, Upbit has demonstrated a swift response amidst a growing trend of hacks targeting the Solana ecosystem in 2025.
Despite the $37 million hack and ongoing regulatory scrutiny concerning market concentration, Upbit's parent company, Dunamu, continues to pursue its strategy of achieving a Nasdaq IPO through a merger with Naver. This initiative, subject to approval, aims to enhance Wall Street's access to the Asian crypto market. However, the recent hack and domestic oversight present significant challenges to Dunamu's objectives and public image.