The South Korean giant wakes up in turmoil. Upbit, the country’s leading crypto platform and one of the most used in Asia, abruptly halted deposits and withdrawals after detecting an abnormal withdrawal of funds on the Solana network. In simpler terms: 540 billion won, approximately 36.8 million dollars, left the platform for an unknown wallet in the middle of the night, at 4:42 local time. It was a massive movement that immediately caught the attention of the largest exchange in the Korean market.
Initial findings confirm that the theft involves a wide range of tokens: SOL, BONK, ORCA, PYTH, RAY, RENDER, JTO, JUP, USDC, and many others. It is a multi-asset leak that reminds users that Solana’s popularity attracts both investors and attackers.
Immediate Reflex: Shifting Everything to Cold Storage
Upbit reacted promptly. All remaining reserves were transferred to cold wallets to lock down the infrastructure and prevent a second wave of attacks. This massive shift aims to reassure a market already nervous after several security incidents on Solana in recent years.
Good news in the midst of chaos: approximately 8.18 million dollars worth of LAYER tokens were frozen in time with the help of the projects concerned. Some funds have already been recovered, and the rest could follow, thanks to the cooperation between blockchain teams and local authorities.
But the key question remains the one on every user's mind.
Will Clients Lose Money?
No. Upbit has guaranteed full compensation for the losses using its own reserves. It’s a classic strategy for large exchanges seeking to avoid panic and demonstrate that they have sufficient funds to cover major incidents. For users, if Upbit is telling the truth, it means no direct loss and no action to take.
This choice also allows Upbit to protect its image in an ultra-competitive South Korean market, where trust is a strategic advantage. Implicitly, the exchange is reminding the market that its financial strength remains a major asset, despite a hack of rare magnitude.
An Ongoing Autopsy
No information has been released on the attack vector or the exploited vulnerability. The exchange simply mentions an ‘abnormal withdrawal’ to an unidentified wallet. The continued ambiguity shows that the security team is still analyzing the incident in depth, which is not unusual at this stage. Investigations of this kind often take several days, or even weeks.
The timing is awkward for the exchange, as its parent company, Dunamu, has just merged with the tech giant Naver.