Upbit detected an unauthorized outbound movement of Solana-based assets for approximately $36.8M. The platform suspended deposits and withdrawals, stated it will cover the losses with its operating reserves and initiated a security audit.
An anomalous withdrawal from Upbit’s operational hot wallet compromised a broad basket of tokens in the Solana ecosystem. Among the affected assets were SOL, USDC, BONK, TRUMP, JUP, LAYER, RENDER, ORCA, PYTH and IO, as well as numerous lower‑cap tokens. Immediately after detection, the platform blocked deposits and withdrawals; the remaining assets were moved to cold storage and a comprehensive infrastructure review was launched.
In the on‑chain response, the countermeasures allowed freezing value of approximately 12 billion won in LAYER tokens; the search and coordination with projects and authorities continue to locate the remainder of the funds. Upbit indicated that it will assume the financial burden of reimbursement from its reserves, although it did not provide a concrete timetable to complete payments.
What happened at Upbit and immediate measures
The intrusion occurs one day after the announcement of a major corporate transaction related to Upbit’s parent company, which increases pressure on institutional trust in the platform. In addition, the episode brought back memories of the 2019 attack that affected the same company, when 342,000 ETH were stolen, underscoring the recurrence of risks in centralized infrastructures.
For treasuries and traders, the implications are practical and operational: the temporary suspension of services may force liquidity rebalances, and exposure to tokens of the Solana ecosystem requires evaluating alternative custody and liquidity routes. From a risk management perspective, the incident once again brings into focus the tension between operational convenience and resilience: centralized hot wallets facilitate operations but concentrate attack vectors.
Regarding market impact and traceability, the action of freezing tokens and coordinating with projects demonstrates the effective role of on‑chain traceability; however, the lack of a reimbursement timetable introduces uncertainty for institutional users who depend on clear deadlines to manage balances.
Upbit has activated emergency protocols and assures it will cover the losses with its own funds; the result of the security audit and the public schedule of reimbursements will be the milestones to follow.
