Upbit,
South Korea’s dominant cryptocurrency exchange, suffered unauthorized
withdrawals totaling approximately $36.9 million (54 billion won) early
Thursday morning, marking the second time the platform has been breached on
November 27.
The
exchange detected unusual activity at 4:42 a.m. local time when Solana-linked
assets moved to an unidentified wallet address. Dunamu CEO Oh Kyung-seok
disclosed the breach during a press conference at 12:33 p.m., just hours after
the company had announced its merger with Naver Financial.
Upbit’s Six-Year
Anniversary of $50 Million Ethereum Theft
The timing
raised immediate concerns among security analysts. Exactly six years earlier,
on November 27, 2019, Upbit lost 342,000 Ethereum tokens worth approximately
$50 million in what authorities later confirmed was an attack by North Korean
hacking groups Lazarus and Andariel. At the time of that theft, Ethereum traded
around $146 to $149 per coin, putting the haul at roughly 58 billion won.
The 2019
stolen Ethereum would be worth significantly more today – approximately $1.04
billion at current prices. South Korean investigators eventually determined
that the attackers converted 57% of the stolen funds through three
cryptocurrency exchanges they controlled, while laundering the remainder
through 51 exchanges across 13 countries.
Upbit(@Official_Upbit) has been hacked — 54B KRW (~36.8M USD) in assets on #Solana have been transferred to unknown wallets.https://t.co/plbmBz2G4Nhttps://t.co/YOHoqDVfqa pic.twitter.com/DM5BxSTtXA
— Lookonchain (@lookonchain) November 27, 2025
Cryptocurrency
exchanges generally face a difficult environment. More than two years ago, the
exchange reported that in just the first half of 2023, there
were 159,000 attempted hacks against its systems. Its proximity to North
Korea and the presence of the Lazarus hacking group in the region add to the
risks.
Since the start of this year, cybercriminals from communist North Korea are estimated to have stolen more than 2 billion dollars’ worth of cryptocurrencies.
Hot Wallet Compromise
Triggers Platform Freeze
“Exchanges are
obviously massive honeypots for hackers,” said Trezor
CEO, Matěj Žák. “Independent reports estimate that more
than 2.5 billion dollars has already been stolen in 2025, including a single
1.5 billion dollar breach on the Bybit exchange. And since security is a moving
target, this problem is not going away.”
Thursday’s
breach affected multiple Solana-based tokens including SOL, USDC, BONK, JUP,
RAY, RENDER, ORCA, and PYTH. The company confirmed the intrusion was limited to
hot wallet storage, with cold wallet reserves remaining secure. Upbit
immediately moved remaining assets into cold storage and suspended all deposit
and withdrawal services across the platform as a precautionary measure.
“We
will fully cover the loss with Upbit’s own assets so that customers are not
affected in any way,” the company stated, assuring users no action would
be required to recover their funds. Trading continues to function normally on
the platform, though users cannot move assets on or off the exchange during the
ongoing security review.
Breach Comes Day After $10
Billion Naver Deal
The hack
arrived at a delicate moment for Dunamu. Just one day earlier, the company
finalized a $10.3 billion stock-swap merger with Naver Financial, creating one
of South Korea’s largest digital finance entities. Under the agreement, Naver
Financial will issue 87.5 million new shares at a 1:2.54 ratio, making Dunamu a
wholly owned subsidiary.
South
Korean financial authorities have launched on-site inspections to assess the
situation. The repeated breach on the same calendar date, combined with North
Korean involvement in the previous attack, has sparked speculation about the
perpetrators behind the latest incident.
This article was written by Damian Chmiel at www.financemagnates.com.
Source link
