In short
- Upbit said irregular transfers on the Solana network raised approximately $36 million across multiple tokens including BONK, JTO, SONIC and USDC.
- The exchange has taken the remaining funds offline and is coordinating the chain freeze with the issuers after securing a portion of the Solayer tokens.
- The CEO of Dunamu, Upbit’s parent company, said the exchange will fully reimburse customers.
South Korea’s largest crypto exchange, Upbit, announced a security incident involving assets on the Solana network on Thursday, reporting losses of about $36 million as the platform moved to contain the breach.
The exchange said it discovered irregular withdrawals linked to a compromised hot wallet address, leading to some services being halted while investigators tracked the flow of funds.
“Around 04:42 on 11/27/2025, Upbit confirmed that part of the Solana network assets (approximately KRW 54 billion worth) had been transferred to a wallet address that was not internally designated (an unknown external wallet),” a rough translation from Oh Kyung-seok, CEO of Dunamu. public notice reads.
Affected assets include meme coins such as Bonk (BONK), Moodeng (MOODENG), Official Trump (TRUMP) and decentralized finance tokens such as Sonic SVM (SONIC), Access Protocol (ACS), Jito (JTO), Solana (SOL) and Raydium (RAY), among other tokens such as Pudgy Penguin (PENGU). The list also includes Circle’s USD Coin (USDC).
“The extent of the loss caused by the abnormal withdrawals was identified internally immediately after confirmation,” Oh said, adding that Upbit “will fully offset the entire amount with its own assets so that there is no impact on members’ assets.”
Upbit said it immediately initiated an emergency security assessment of all related networks and wallet systems after detecting the irregular transfers.
According to Oh’s post, the exchange has moved all remaining assets to cold storage to prevent additional abnormal withdrawals, and is coordinating on-chain freeze efforts with relevant projects after successfully freezing part of Solayer (LAYER).
Upbit added that broader deposit and withdrawal services will only resume after system-wide security checks are completed.
The suspected hack comes as Dunamu, Upbit’s parent company, undergoes one of the most dramatic business transitions in years, with the company set to be absorbed into Naver Financial under A stock swap deal worth $10.3 billion.
Decrypt has contacted us Dunamu for comment. This is a development story.
Daily debriefing Newsletter
Start every day with today’s top news stories, plus original articles, a podcast, videos and more.
