On November 27, Upbit operator Dunamu confirmed a KRW 44.5 billion (~ USD 33 million) theft involving 24 Solana-based digital assets. The unauthorized transfers were detected at 4:42 AM. Initially estimated at KRW 54 billion, the total loss was later adjusted to reflect real-time market valuations at the moment of the breach. The compromised tokens included Solana (SOL), Access Protocol (ACS), DoubleZero (2Z), Bonk (BONK), Raydium (RAY), Render (RENDER), Jupiter (JUP), and Orca (ORCA) among others.
Dunamu immediately suspended all digital-asset deposits and withdrawals at 8:55 AM, transferring remaining funds into cold wallets to prevent further outflows. The intrusion occurred in one of its hot wallets, while cold storage remained intact. Dunamu has been working with blockchain project teams to trace and freeze assets on-chain. Around KRW 2.3 billion worth of Solayer (LAYER) tokens were successfully frozen, and ongoing cooperation continues with related projects and institutions.
The Financial Supervisory Service (FSS) deployed an on-site inspection team to Upbit’s headquarters, while the National Office of Investigation’s Cyber Terror Division began a preliminary inquiry to confirm details and identify possible foreign actors. This incident also comes at a sensitive time, as Korea’s newly enforced Virtual Asset User Protection Act introduces stricter compliance obligations for exchanges. While designed to protect users and institutionalize transparency, the transition has placed additional scrutiny on leading platforms like Upbit as they adapt to a tougher oversight environment. We have confirmed the scope of abnormal withdrawals and will ensure that no members suffer any loss.
Leave a Reply