Upbit, South Korea’s largest cryptocurrency exchange, is facing regulatory investigation after confirming a major security breach. On November 27, the platform identified “abnormal withdrawal activity” that resulted in the theft of approximately $36.9 million worth of assets from a hot wallet on the Solana network.

Immediate Response and User Compensation

In response to the attack, Upbit immediately suspended all deposit and withdrawal services to conduct a comprehensive security inspection. The exchange also moved all remaining digital assets from its hot wallets to secure cold storage to prevent further unauthorized transfers.

Oh Kyung-seok, CEO of Upbit’s parent company Dunamu, issued a notice assuring customers that their funds were safe. He stated that the exchange will “cover the entire amount with Upbit assets to ensure no damage to members’ assets,” pledging full reimbursement for all affected users.

Scope of the Stolen Assets

The attackers drained over 20 different tokens based on the Solana network, transferring them to an external, unknown wallet. The stolen assets included a wide range of tokens such as SOL, USDC, BONK, JUP, RENDER, and PYTH. Upbit confirmed it is actively working to freeze the compromised funds where possible and has already successfully frozen approximately 12 billion won worth of the stolen LAYER tokens.

A History of Security Lapses

This incident occurred nearly six years after a large-scale breach in 2019, when North Korean hackers stole 342,000 ETH from the exchange. The latest attack raises fresh concerns about the platform’s security protocols. According to a report by BlockTempo, Korea’s financial regulator is now investigating Upbit for potential issues related to delayed reporting and data handling. The outlet claimed the regulator might impose a temporary three-month halt on new user sign-ups, though these reports have not been officially confirmed.