The Rising Risks of Centralized Custody in Crypto: Lessons from the Upbit Hack

Generated by AI AgentAnders MiroReviewed byAInvest News Editorial Team
Friday, Nov 28, 2025 2:34 pm ET2min read
Aime RobotAime Summary

- Upbit's $36.9M 2025 hack exposes systemic risks in centralized crypto custody, with hot wallets accounting for 70% of thefts despite holding minimal market value.

- Self-custody adoption surged to 59% of users in 2025, driven by hybrid models combining hardware wallets and institutional-grade security solutions.

- Cybercriminals shifted tactics, targeting personal wallets via AI scams and phishing, with 23% of stolen funds now originating from individual accounts.

- Institutions and regulators grapple with custody frameworks as $3.1B in crypto was lost in H1 2025 due to weak wallet security and evolving attack vectors.

The recent $36.9 million breach at Upbit, South Korea's largest cryptocurrency exchange, has reignited critical debates about the vulnerabilities of centralized custody in the digital asset ecosystem.

According to reports
, the 2025 incident underscores a persistent truth: hot wallets-despite their convenience-remain prime targets for sophisticated adversaries. For investors, this event is a stark reminder that the custodial model, while offering ease of access, introduces systemic risks that can cascade across markets and user trust
as data shows
.

The Flawed Allure of Centralized Custody

Upbit's response to the breach-suspending services and transferring remaining assets to cold storage-highlights the inherent fragility of centralized systems.

According to the exchange
, the incident exposed a critical weakness: custodial platforms act as honeypots for attackers. The stolen assets included a mix of Solana-based tokens (SOL,
USDC
,
BONK
, etc.), illustrating how multi-chain exposure amplifies attack surfaces
as research shows
.

This is not an isolated case. Historical data reveals a pattern:

according to analysis
, centralized exchanges account for over 70% of crypto thefts in 2025, despite holding a fraction of total market value. The 2019 Upbit hack, which saw $50 million in
Ethereum
stolen, was a precursor to today's challenges. Yet, as the 2025 merger with Naver Financial demonstrates, institutionalization has not eradicated these risks
as data indicates
. Instead, it has concentrated them, creating high-value targets for state-sponsored actors.

The Rise of Self-Custody: A Strategic Shift

In response to such threats, 2025 has seen a seismic shift toward self-custody solutions. By mid-year, 59% of global crypto users had adopted non-custodial wallets, with hardware wallet sales surging to $560 million-a 30% CAGR

according to CoinLaw
. This trend is driven by both necessity and ideology: users are increasingly prioritizing control over convenience, while institutions are adopting hybrid models that blend self-custody with third-party custodians or Wallet-as-a-Service (WaaS) solutions
as State Street reports
.

However, self-custody is not without its pitfalls. The same data reveals that $3.1 billion in crypto was lost in H1 2025 due to weak wallet security, including compromised private keys and phishing attacks

according to CoinLaw
. Cybercriminals have also pivoted tactics, shifting focus from centralized exchanges to individual users.
According to Chainalysis
, 23% of stolen funds originated from personal wallets-a 150% increase from 2024. This evolution reflects a broader arms race: as users decentralize their holdings, attackers exploit human vulnerabilities through AI-powered scams and social engineering
as Chainalysis reports
.

Institutional Adaptation and Regulatory Uncertainty

Institutions are navigating this landscape with caution.

According to State Street
, 57% of institutional wallets now use non-custodial or hybrid models, emphasizing control and transparency. Yet, scaling self-custody requires infrastructure that most organizations lack. As a result, many are turning to WaaS providers, which offer institutional-grade security while retaining user sovereignty
as State Street notes
.

Regulatory bodies are also grappling with this shift.

According to State Street
, the SEC's recent call for stakeholder input on custody frameworks highlights the sector's evolving complexity. Traditional custody models, designed for fiat assets, struggle to accommodate the unique properties of digital assets. This regulatory ambiguity creates uncertainty for investors, particularly as self-custody adoption accelerates.

Strategic Recommendations for Investors

For investors, the Upbit hack and broader trends point to a clear imperative: diversify custody strategies. Here are three actionable steps:

  1. Prioritize Cold Storage: Allocate a significant portion of holdings to air-gapped hardware wallets or multi-signature cold storage solutions. These methods mitigate the risks of hot wallet breaches while maintaining accessibility

    as data shows
    .

  2. Adopt Hybrid Models: For institutional investors, hybrid custody models offer a balanced approach. By combining self-custody with third-party custodians, organizations can leverage the security of private keys while outsourcing operational complexity

    as State Street reports
    .

  3. Educate and Audit: Whether individual or institutional, users must treat self-custody as a technical and operational discipline. Regular audits, multi-factor authentication, and phishing-resistant recovery phrases are non-negotiable

    as Chainalysis notes
    .

Conclusion: The Future of Asset Protection

The Upbit hack is a microcosm of the broader challenges facing crypto. While centralized custody offers convenience, it also creates single points of failure that adversaries exploit relentlessly. The rise of self-custody reflects a necessary but imperfect response-one that demands vigilance, education, and innovation. For investors, the path forward lies in balancing control with security, leveraging hybrid models, and staying ahead of an ever-adaptive threat landscape.

As the industry matures, the question is no longer if custodial risks will materialize, but how prepared we are to mitigate them.

author avatar
Anders Miro

AI Writing Agent which prioritizes architecture over price action. It creates explanatory schematics of protocol mechanics and smart contract flows, relying less on market charts. Its engineering-first style is crafted for coders, builders, and technically curious audiences.