Upbit Suffers $36M Solana Hot Wallet Breach Day After $10B Naver Deal

Just a day after announcing a landmark $10 billion acquisition deal with South Korean tech giant Naver, cryptocurrency exchange Upbit has confirmed a significant security breach involving its Solana hot wallet. The incident, which occurred on November 27, 2025, resulted in the unauthorized withdrawal of approximately $36 million worth of digital assets.

Upbit detected the suspicious transactions early Thursday morning, prompting an immediate suspension of all crypto deposits and withdrawals. According to the exchange, approximately 54 billion won (roughly $36 million) worth of cryptocurrencies were drained from an Upbit-controlled wallet holding Solana-based tokens. At least 24 different cryptocurrencies were involved, including SOL, USDC, Bonk (BONK), Layer (LAYER), and Jupiter (JUP).

In response to the breach, Upbit has taken swift action to mitigate the damage and safeguard user funds. The exchange has suspended all deposits and withdrawals and is conducting a comprehensive inspection of its systems. The company has also moved remaining assets into cold storage, which is a more secure method of holding cryptocurrencies offline. Additionally, Upbit is collaborating with investigative authorities to freeze the compromised funds and determine the source of the exploit. So far, Upbit has managed to freeze roughly 12 billion won worth of LAYER tokens as part of its recovery efforts.

"First, we deeply apologize for any inconvenience caused to our members due to the urgent digital asset deposit and withdrawal service inspection and the abnormal withdrawal situation today," said Kyung-seok, CEO of Upbit operator Dunamu. "Upbit immediately suspended deposit and withdrawal services and conducted a comprehensive inspection, prioritizing the protection of member assets".

The breach has raised concerns about the security of hot wallets, which are cryptocurrency wallets that are connected to the internet and are therefore more vulnerable to hacking. Upbit has confirmed that the compromise was isolated to its hot wallet, with cold-wallet reserves remaining untouched. The exchange has pledged to cover all losses incurred by its users as a result of the breach, using its own assets to ensure full compensation.

This security incident comes at an inopportune time for Upbit, as it coincides with the announcement of a $10 billion deal with Naver Financial. The deal, which will make Dunamu a wholly-owned subsidiary of Naver Financial, is aimed at strengthening Naver's position in the digital finance sector. The merger is expected to generate strong synergy across payment, blockchain, and digital asset services. Naver plans to integrate its financial and AI infrastructure with consumer services, with a focus on becoming a global player in the AI and blockchain arenas.

The Upbit breach serves as a stark reminder of the risks associated with cryptocurrency exchanges and the importance of robust security measures. It also highlights the ongoing challenges faced by the industry in protecting user funds from malicious actors. The incident is under investigation by regulators. Upbit is working to restore confidence in its platform and ensure the safety of its users' assets.