Upbit Loses $36M in Solana Hack, Vows Full Reimbursement

The security incident unfolded at approximately 04:42 on November 27, 2025, when Upbit confirmed that a portion of Solana network assets worth approximately 54 billion KRW (roughly $36 million) had been transferred to an unknown external wallet address. The breach involved irregular withdrawals linked to a compromised hot-wallet address, which prompted the exchange to immediately halt some services while investigators traced the flow of funds. The scale of the loss was identified internally immediately upon confirmation, according to Dunamu CEO Oh Kyung-seok’s public notice.

Affected assets spanned multiple token categories, including meme coins such as Bonk (BONK), Moodeng (MOODENG), and Official Trump (TRUMP), along with decentralized finance tokens including Sonic SVM (SONIC), Access Protocol (ACS), Jito (JTO), Solana (SOL), and Raydium (RAY). The compromised assets also included Pudgy Penguin (PENGU) and Circle’s USD Coin (USDC), demonstrating the breadth of the security vulnerability across different token types within the Solana ecosystem.

Upon detecting the irregular transfers, Upbit initiated an emergency security review of all related networks and wallet systems. The exchange moved all remaining assets into cold storage to prevent additional abnormal withdrawals, a critical step in containing the breach’s impact. Upbit is actively coordinating on-chain freeze attempts with relevant projects and has already successfully frozen a portion of Solayer (LAYER) tokens, indicating collaborative efforts to recover stolen assets.

The exchange has stated that broader deposit and withdrawal services will resume only after systemwide security checks are completed, prioritizing security over operational convenience. This comprehensive approach reflects the seriousness with which Upbit is treating the incident, particularly given its position as South Korea’s largest cryptocurrency exchange and the need to maintain user trust in the wake of significant financial losses.

Dunamu CEO Oh Kyung-seok made a firm commitment that Upbit will ‘fully compensate the entire amount with its own assets so that no impact occurs to members’ assets.’ This reimbursement pledge represents a significant financial undertaking for the company but demonstrates its commitment to customer protection and maintaining market confidence. The full compensation approach mirrors industry best practices following major security incidents, though the $36 million scale presents substantial financial implications.

The security breach comes at a particularly sensitive time for Dunamu, as the parent company navigates one of its most consequential corporate transitions in years. The firm is set to be absorbed into Naver Financial under a $10.3 billion stock-swap agreement, making this security incident a potential complicating factor in the ongoing merger process. The timing raises questions about how the breach might impact the corporate transition and whether it will affect valuation considerations or integration timelines.

As South Korea’s premier cryptocurrency exchange, Upbit’s handling of this incident will be closely watched by regulators, investors, and the broader crypto community. The combination of immediate security responses, transparent communication about affected assets, and the full reimbursement commitment represents a comprehensive approach to crisis management, though the ultimate test will be in preventing future breaches and successfully navigating the corporate transition with Naver Financial.