Binance Freezes Only 17% of Upbit Hack Funds, Sparking Security Debate

On November 27, 2025, hackers breached the South Korean cryptocurrency exchange Upbit, stealing a significant sum. According to a KBS News report, the stolen funds were laundered through a complex process involving over a thousand wallets, using ‘bridges’ and ‘swaps’ to obscure their trail. Most of these laundered assets eventually flowed into third-party service wallets hosted on Binance.

That same day, South Korean police and Upbit formally requested Binance freeze approximately 470 million won worth of stolen Solana (SOL) tokens traced to its platform. Binance’s response was both partial and delayed. The exchange froze only about 80 million won, roughly 17% of the requested amount, citing a need for further fact-checking. Authorities were notified that the freeze was complete around midnight on November 27, approximately 15 hours after the initial request. In response to inquiries, Binance declined to comment on the specifics, stating it ‘cannot make specific comments on the ongoing investigation’ but would continue to cooperate.

The limited and slow action had immediate consequences. The hackers later exchanged most of the stolen SOL for Ethereum (ETH), likely capitalizing on the latter’s large market size and liquidity to facilitate cashing out. This sequence highlights a critical vulnerability: the window for effective asset recovery is narrow, and delays can render freeze requests moot.

This incident did not occur in isolation. It has unfolded against a backdrop of heightened global scrutiny on how major cryptocurrency exchanges handle illicit fund flows. A major investigative report published last month by the International Consortium of Investigative Journalists (ICIJ) revealed that criminal entities, including North Korean hackers and scam networks, routinely use top exchanges to move funds. Notably, the investigation found that significant sums flowed through Binance and other platforms even while they were under court-appointed monitors following major legal settlements.

Separately, on December 11, 2025, Binance co-founder Changpeng ‘CZ’ Zhao alerted users that co-CEO Yi He’s WeChat account had been hijacked to promote a fraudulent meme coin in a pump-and-dump scheme that netted scammers around $55,000. This pattern of security incidents—from external hacks to internal account compromises—has prompted serious questions about the robustness of safeguards at the world’s largest exchange.

The collective impact of these events has sparked calls for systemic reform from industry experts. Cho Jae-woo, director of the Blockchain Research Institute at Hansung University, told KBS that rapid freezes are essential to minimize hacking damage but exchanges often act passively, citing litigation risks. This passive stance, as demonstrated in the Upbit case, allows criminals precious time to move and convert assets.

To address this critical gap, Cho Jae-woo suggested establishing a global hotline between major exchanges or forming a consultative body with emergency freeze authority to enable faster, preemptive action. Such mechanisms would aim to bypass the bureaucratic and legal hesitancy that can stall critical interventions during the first hours after a hack. The debate now centers on whether the cryptocurrency industry can develop effective, cooperative security protocols or if reactive, platform-by-platform responses will continue to leave the ecosystem vulnerable.