Upbit disclosed a 5.9 billion-won hit to corporate funds after a Solana-based hot-wallet exploit on November 27, 2025, while confirming full reimbursement of affected customers. The exchange reconciled the total theft at 44.5 billion won and covered 38.6 billion won from its own reserves, immediately suspending services and moving remaining assets to cold storage.
Forensic work narrowed initial estimates — which ranged up to 54 billion won — to a final loss of 44.5 billion won, concentrated in tokens on the Solana ecosystem. The stolen basket included TRUMP, BONK, JUP, SOL, USDC and LAYER, among others. Upbit halted deposits and withdrawals, transferred surviving holdings to cold storage and launched an internal security review to prevent further outflows.
A hot wallet is an online wallet connected to the internet used for active trading and withdrawals. By absorbing 38.6 billion won to reimburse members, Upbit shielded customer funds and recorded a 5.9 billion-won impact to its corporate balance sheet; blockchain tracing also enabled the freezing of an additional 2.3 billion won, which will mitigate the net exposure. South Korean authorities have opened an investigation into the incident with attribution efforts pointing toward a state-grade actor.
Upbit breach: losses, assets affected and reimbursement
The breach coincided with high-stakes corporate activity at Upbit’s parent, Dunamu, which was finalizing a merger with Naver’s fintech arm intended to create a roughly $13.8 billion fintech group and pursue a Nasdaq listing. The timing intensified scrutiny as the company navigates enforcement actions from regulators: the Financial Intelligence Unit earlier imposed a 35.2 billion-won fine and a three-month suspension on new user deposits and withdrawals for AML and KYC shortcomings, measures Upbit is reportedly considering appealing.
Authorities have signalled similar enforcement could extend to other domestic exchanges, including Bithumb, Coinone, Korbit and Gopax, reinforcing Seoul’s broader push for stricter compliance in the crypto sector. The incident also echoes a prior Upbit breach on the same calendar date in November 2019, when 342,000 ETH were illicitly transferred; that earlier theft remains part of the firm’s security legacy and lingering public concern.
Implications for investors and compliance teams are pragmatic: the direct balance-sheet cost shows an exchange-level willingness to prioritize customer restitution, while ongoing regulatory and forensic actions illustrate heightened oversight and the operational costs of non-compliance.
Upbit’s full customer reimbursement and admission of a 5.9 billion-won corporate loss close the immediate customer-impact chapter, but the episode sharpens focus on security protocols, regulatory compliance and the outcome of ongoing investigations.
