Upbit Hit by $36M Solana Hot Wallet Breach One Day After $10B Naver Deal
- Upbit suffers a $36M security breach involving a Solana hot wallet
- Exchange freezes all deposits and withdrawals during investigation
- Incident occurs one day after parent company Dunamu signs $10B acquisition deal with Naver
- Upbit confirms cold wallets were not affected
- Platform promises full reimbursement for all affected user balances
- Korean regulators launch on-site inspections following the breach
- Trezor CEO warns exchanges remain “massive honeypots” for hackers
- Breach adds pressure as Dunamu prepares for a U.S. IPO and major Web3 investments
South Korea’s largest cryptocurrency exchange, Upbit, suspended all deposits and withdrawals on Thursday after detecting roughly $36 million in unauthorized transfers from one of its Solana-network hot wallets. According to the company, the suspicious activity was flagged around 4:42 am local time, prompting an immediate halt to transfers and the start of a platform-wide security audit.
Upbit emphasized that the breach was limited to a single hot wallet and that its cold-wallet reserves remain fully secure. Following detection, the exchange moved remaining hot-wallet assets into cold storage and initiated onchain efforts to freeze compromised funds. While trading remains operational inside the platform, users are unable to withdraw or deposit assets until the security checks are complete.
The timing of the breach has drawn significant attention because it came just one day after Upbit’s parent company, Dunamu, finalized a landmark $10 billion acquisition deal with South Korean tech giant Naver. The incident also revived memories of Upbit’s 2019 security breach, in which nearly $50 million was stolen in an attack later linked to the North Korean Lazarus Group.

Upbit stated that it will completely reimburse customers for any funds lost in the incident, assuring users that all affected balances will be fully covered by its reserves. No customer action is required to recover funds, though the exchange asked for patience as the investigation proceeds. South Korean financial authorities have already begun on-site inspections to assess the situation, but Upbit has not announced a precise timeline for restoring normal deposit and withdrawal activity. Cointelegraph attempted to contact both Upbit and Dunamu but received no response by publication.
The breach has also renewed debate over the security risks facing centralized exchanges. At the TBD conference, Trezor CEO Matej Zak described exchanges as ongoing targets for sophisticated attackers. He highlighted that 2025 has seen a rise in stolen crypto assets, noting CertiK’s report that $2.47 billion was lost to hacks, scams, and exploits in the first half of the year alone. Zak also referenced the $1.5 billion Bybit hack in March, one of the largest crypto security breaches on record.
The incident arrives at a sensitive moment for Dunamu, which is navigating major expansion plans. Alongside the acquisition deal with Naver, the company intends to pursue a U.S. initial public offering after the merger is complete. Naver and Dunamu also plan to invest nearly $7 billion over the next five years to expand their Web3 and artificial intelligence ecosystem, underscoring the importance of maintaining confidence in Upbit’s platform as the companies scale globally.
Final Thought
The breach poses a significant challenge for Upbit at a time when Dunamu is entering one of the most ambitious expansion phases in its history. With regulators watching closely and users awaiting restored access to their funds, the exchange’s ability to manage the incident transparently will be critical as it prepares for a major U.S. IPO and multi-billion-dollar Web3 development plans.
