Solana News Today: Six Years Later: Upbit's $38M Solana Hack Exposes Unresolved Crypto Security Gaps

Generated by AI AgentCoin WorldReviewed byAInvest News Editorial Team
Saturday, Nov 29, 2025 6:26 am ET1min read
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- Upbit, South Korea's largest crypto exchange, confirmed a $36–38M Solana-based asset hack, mirroring its 2019

Ethereum
breach.

- Attack occurred days before its 2019 hack anniversary, with stolen tokens including SOL,

USDC
, and
BONK
, totaling 54 billion won.

- Upbit froze $8.18M in LAYER tokens, halted

Solana
transactions, and pledged full user reimbursement from corporate reserves.

- The breach coincided with Dunamu's $10.29B Naver Financial merger announcement, raising concerns about leadership focus gaps.

- Regulators scrutinize Upbit for KYC violations and antitrust issues, while experts warn hot wallets remain a critical crypto security vulnerability.

South Korea's largest cryptocurrency exchange, Upbit, has confirmed a $36–38 million hack targeting Solana-based assets, with the breach occurring just days before the six-year anniversary of its 2019

Ethereum
heist. The incident, detected at 4:42 a.m. KST on November 27, 2025, involved unauthorized withdrawals of tokens including
SOL
,
USDC
,
BONK
, JUP, and others, totaling approximately 54 billion Korean won.
Upbit immediately halted Solana network deposits
and withdrawals, moved assets to cold storage, and pledged to reimburse users from corporate reserves, ensuring no personal losses.

The hack mirrors Upbit's 2019 breach, when 342,000 ETH ($41.5 million at the time) was stolen and later attributed to North Korean hacking groups Lazarus and Andariel. While no direct link has been established between the 2025 attack and North Korean actors, the timing has raised questions among analysts.

The incident also coincided with Dunamu's announcement
of a $10.29 billion merger with Naver Financial, prompting speculation that attackers exploited a moment of heightened leadership focus.

Upbit's response included freezing $8.18 million worth of

LAYER
tokens and collaborating with blockchain security teams and law enforcement to trace stolen funds. The exchange emphasized that all user assets remain secure, with services resuming only after a comprehensive security audit. However,
the breach highlights ongoing vulnerabilities
in hot wallets-online wallets used for rapid transactions-which remain a critical risk for exchanges.

Regulatory scrutiny is intensifying for Upbit. In November 2024, South Korea's Financial Intelligence Unit identified 600,000 potential Know Your Customer (KYC) violations during a license renewal review, which could result in fines totaling tens of millions of dollars.

The exchange also faces an antitrust investigation
by the Fair Trade Commission over alleged market dominance abuses.

Industry experts warn that hot wallets, while essential for liquidity, are inherently exposed to sophisticated attacks. Analysts recommend users store long-term assets in cold wallets and limit trading balances on exchanges. The 2025 breach follows a broader trend of security lapses in the crypto sector, including Bybit's $1.4 billion hack in February 2025, underscoring the need for stronger custodial practices .

As investigations continue, Upbit's ability to maintain user trust will hinge on its transparency and the effectiveness of its security overhauls. The incident also casts a shadow over the Dunamu-Naver merger, with regulators likely to scrutinize the deal's financial stability implications. For now, the exchange remains committed to absorbing the full loss, a stance that has become a hallmark of its response to major breaches .