Upbit Hit by $36 Million Hack and Faces Regulatory Turmoil in Korea

South Korea's leading cryptocurrency exchange, Upbit, has been rocked by a large-scale security breach resulting in millions in losses and faces added pressure from regulators following a hefty fine—all during a period of major corporate changes.

Key Takeaways

  • Upbit suffered a $36M+ hack involving Solana-based tokens, suspected to be the work of the North Korea-linked Lazarus Group.
  • Deposits and withdrawals were suspended as a precaution, with Upbit assuring full customer asset protection.
  • The breach coincided with major corporate developments and ongoing regulatory scrutiny, including a $25M fine for anti-money laundering and KYC violations.

Large-Scale Solana Hack Hits Upbit

On November 27, Upbit detected abnormal activity involving multiple tokens on the Solana network. An estimated $36–$40 million in digital assets was unlawfully withdrawn to unauthorized wallets. In immediate response, Upbit suspended all digital asset deposits and withdrawals, transferring the remaining assets to cold storage to limit further risk.

While the company quickly announced measures to mitigate user impact—including covering all customer losses—authorities disclosed that they are investigating the hack, with early signs pointing to the notorious Lazarus Group, believed to be backed by North Korea. This suspicion is based on the attackers' methods, which experts say resemble those used in prior hacks targeting Korean exchanges.

Timeline Coincides With Corporate Merger News

Interestingly, the timing of the attack matched a high-profile announcement: the merger of Upbit’s parent company Dunamu with tech conglomerate Naver. Security analysts note that prominent hacker groups often stage attacks to coincide with market-moving events, lending weight to speculation that the timing was intentional.

Upbit’s Rapid Response and Customer Assurance

In an effort to restore confidence, Upbit initiated several immediate actions:

  • Moved all digital assets to cold wallets, minimizing further damage.
  • Worked with law enforcement to freeze assets linked to the breach, worth about 12 billion won.
  • Began a thorough review and security audit of its digital asset infrastructure.
  • Pledged complete reimbursement for affected users.

Upbit also urged users to remain vigilant and report any suspicious account activities.

Regulatory Scrutiny Intensifies

Just days before the hack, Upbit found itself facing a $25 million fine from South Korea’s Financial Intelligence Unit (FIU) after an investigation revealed millions of violations around customer verification and suspicious transaction reporting. Alongside the financial penalty, Upbit temporarily lost the ability to process virtual asset transfers for new customers as part of broader regulatory efforts to enhance money-laundering defenses within the country’s crypto industry.

Upbit operators stated they are reviewing the regulator’s findings and have reinforced internal controls and investor protection protocols to prevent recurrences.

Industry Implications

With millions in customer assets at stake and an ongoing regulatory push for stricter compliance, the Upbit incident highlights both the technical and legal risks facing centralized crypto exchanges. Market analysts say that continued attacks and rising compliance costs could drive more exchanges and users toward decentralized solutions in pursuit of stronger security and privacy.
