Just a day after finalizing a multibillion-dollar merger with South Korean tech giant Naver, crypto exchange Upbit faced a massive security breach involving Solana-based assets.
Key Takeaways
- Upbit suffered a $38 million hack targeting its Solana hot wallet, involving over 24 different tokens.
- The breach occurred just hours after Naver finalized its $10.3 billion acquisition of Upbit’s parent company, Dunamu.
- Upbit froze deposits and withdrawals, launched internal inspections, and vowed to fully compensate users from its own reserves.
- Dunamu and Naver also pledged a 10 trillion won investment in AI and Web3, marking a major strategic shift despite the breach.
What Happened?
South Korea’s largest cryptocurrency exchange, Upbit, detected abnormal activity on its Solana hot wallet early on November 27. The unauthorized transactions siphoned off roughly 54 billion won, equivalent to $38 million, across multiple Solana-based tokens including SOL, USDC, BONK, JUP, RAY, and others.
Upbit responded quickly by halting all deposits and withdrawals, isolating the compromised wallet, and transferring assets to secure cold storage.
Upbit(@Official_Upbit) has been hacked — 54B KRW (~36.8M USD) in assets on #Solana have been transferred to unknown wallets.https://t.co/plbmBz2G4Nhttps://t.co/YOHoqDVfqa pic.twitter.com/DM5BxSTtXA
— Lookonchain (@lookonchain) November 27, 2025
Upbit Reacts to Major Solana Wallet Breach
The exploit, which took place around 4:42 a.m. KST, affected at least 24 different cryptocurrencies, including DeFi, meme, and stablecoin tokens. Upbit confirmed that hot wallet infrastructure had been targeted, though it clarified that the Solana protocol itself remained secure.
According to a statement from Upbit’s CEO Oh Kyung-seok, the exchange immediately conducted a comprehensive inspection and pledged that “the entire amount will be covered by Upbit’s holdings” so that customers experience no financial loss.
Key actions taken by Upbit include:
- Suspension of all deposits and withdrawals for Solana-based tokens.
- Emergency audits of its entire wallet infrastructure.
- Transfer of digital assets to cold wallets as a precaution.
- Collaboration with law enforcement and other platforms to freeze stolen assets.
As part of the recovery process, Upbit managed to freeze approximately $8.18 million worth of LAYER tokens and is working with various blockchain projects and security agencies to track and halt the remaining funds.
Timing Clashes with Naver’s $10.3 Billion Acquisition
The breach came just one day after Naver, often referred to as the “Google of Korea,” announced a $10.3 billion acquisition of Dunamu, Upbit’s parent company. The deal transforms Dunamu into a fully owned subsidiary of Naver through an all-stock transaction that drastically reshapes South Korea’s fintech landscape.
The merger includes:
- A share exchange that dilutes Naver Financial’s ownership from 69% to 17%.
- Creation of a new fintech powerhouse blending blockchain, AI, and financial technology.
- A 10 trillion won ($6.8 billion) five-year investment plan focused on developing AI, Web3 platforms, and stablecoins.
Among the announced innovations is a won-pegged stablecoin, to be issued through Naver Pay and distributed via Upbit, potentially disrupting traditional payment systems in South Korea.
Regulatory Scrutiny and IPO Concerns
This incident is not Upbit’s first. In 2019, it lost 342,000 ETH (about $50 million at the time) in a similar hack. While the current breach is smaller in scale, it comes at a delicate time. Upbit had just resolved a 35.2 billion won penalty for anti-money laundering violations and was preparing for a planned Nasdaq IPO.
The breach is expected to draw further regulatory attention from South Korean authorities, including the Fair Trade Commission, which is already reviewing the Naver merger for potential antitrust issues. Analysts warn that the hack could delay both the IPO and Upbit’s broader expansion efforts.
CoinLaw’s Takeaway
I’ve followed plenty of exchange hacks over the years, and this one really hits a nerve. Hot wallets remain a persistent risk, especially for top-tier exchanges like Upbit that manage billions in daily volume. What’s especially striking is how the timing of the breach collides with one of the biggest fintech mergers in Korea’s history.
In my experience, when security meets scalability ambitions, things can break. Upbit’s quick action and promise of full compensation are reassuring, but it shows that even the biggest players are still playing defense in the crypto space. The next few months will be critical not just for Upbit’s security narrative, but for how regulators view the entire ecosystem.
