A threat actor has compromised Upbit, South Korea’s largest cryptocurrency exchange, resulting in a significant theft of digital assets. The breach targeted the platform’s hot wallets on the Solana network, leading to the unauthorized transfer of approximately $37 million (54 billion KRW) to an unknown external wallet around 4:00 AM local time on November 27, 2025.
In response to the incident, Upbit suspended all withdrawals and moved remaining funds to secure cold storage. The exchange’s operator, Dunamu, stated they have successfully frozen approximately $8.18 million worth of Solayer (LAYER) tokens and are collaborating with blockchain security teams and law enforcement to investigate. The company has pledged to fully compensate users for all losses from its corporate reserves. This security breach occurs amidst a major corporate transition, as Naver Financial recently announced a $10.29 billion acquisition of Dunamu.
According to the exchange, the compromised assets primarily consist of various tokens on the Solana network. The specific cryptocurrencies affected include:
-
Solana (SOL)
-
USD Coin (USDC)
-
Bonk (BONK)
-
Jito (JTO)
-
Raydium (RAY)
-
Access Protocol (ACS)
-
Sonic SVM (SONIC)
-
Official Trump (TRUMP)
-
Pudgy Penguin (PENGU)
-
Moodeng (MOODENG)
-
Additional tokens: 2Z, DOOD, DRIFT, HUMA, IO, JUP, LAYER, ME, MEW, ORCA, PYTH, RENDER, SOON, W











