Upbit suspended deposits and withdrawals after detecting anomalous activity in its Solana hot wallet on November 27, 2025 at 04:42 (KST). The incident resulted in the unauthorized extraction of approximately $36–40 million (≈54 000 million KRW) and affected multiple tokens on the Solana network. Executive management confirmed the intrusion and stated that the platform would replenish the affected losses with the exchange’s own funds.
Details of the incident and operational response
The irregular activity affected the hot wallet associated with assets on the Solana network and caused unauthorized transfers of multiple tokens. Among the assets involved are DoubleZero (2Z), Access Protocol (ACS), Bonk (BONK), Doodles (DOOD), Drift (DRIFT), Huma Finance (HUMA), Ionet (IO), Jito (JTO), Jupiter (JUP), Solayer (LAYER), Magic Eden (ME), Moodeng (MOODENG), Official Trump (TRUMP), Sonic SVM (SONIC), Solana (SOL), Raydium (RAY), Pudgy Penguin (PENGU), USD Coin (USDC), ORCA, PYTH and RENDER.
Executive management confirmed the intrusion and the platform assumed responsibility for replenishing the affected losses with the exchange’s own funds. As immediate measures, the remaining assets were transferred to cold custody, a comprehensive security audit was launched, and an on‑chain forensic investigation was initiated. In parallel, the on‑chain freezing of approximately 12 000 million KRW in Solayer tokens was achieved, according to the firm’s operational records. The incident was internally classified as the second significant security breach in its operational history; the nature and scope of the exploitation vector remain under technical investigation.
Corporate context and regulatory pressure
The event coincides with a period of regulatory pressure and significant corporate movements. The national financial authority previously imposed a fine of 35 200 million KRW and a three‑month suspension of deposit and withdrawal services for new users, a sanction that is independent of the operational halt resulting from the intrusion.
The parent company also faces large‑scale corporate reorganization plans, including share swap projects and a public listing that, if realized, would involve transactions of a high order of magnitude. That confluence — prior sanction, ongoing investigation and expansion strategy — underscores the reputational and operational risk before institutional investors and custodians, and raises questions about internal controls, segregation of custody and key governance associated with hot wallets.
