Key highlights:
- $36M stolen from Upbit at the same moment its parent company closes a $10B deal
- Authorities launch urgent inspections as Upbit freezes transfers
- Exchange promises full compensation, but the timing raises serious questions
South Korean crypto exchange Upbit has suffered a major security breach, with hackers stealing approximately $36 million from a hot wallet on the Solana network.
Upbit got hacked and paused withdrawals, but Koreans are pumping alts since arbitrage bots are no longer running. pic.twitter.com/Y1AnRDqrgz
— Ki Young Ju (@ki_young_ju) November 27, 2025
The incident occurred only a day after the exchange’s parent company, Dunamu, announced a $10 billion acquisition agreement with tech giant Naver — raising concerns about timing and internal security.
Suspicious transfers trigger emergency response
According to Upbit, abnormal transactions were detected around 4:42 AM local time on November 27. In response, the exchange immediately froze all deposits and withdrawals and launched a platform-wide security audit.
The Upbit hacker dumped all tokens directly on DEXes and is now holding only SOL.
I’m thinking of setting up a Meteora LP position for $ME to capture the fees from the dump that’s coming soon. pic.twitter.com/e8pjwWL3Dk
— dethective (@dethective) November 27, 2025
Only the hot wallet was compromised, and Upbit confirmed that all cold-wallet reserves remained secure. The team rapidly moved remaining funds into cold storage and began attempts to freeze the stolen assets on-chain.
Despite the breach, trading on the exchange continues. Users can still buy and sell assets internally, but deposits and withdrawals remain temporarily suspended while the audit is completed.
Authorities begin inspections as Upbit promises full compensation
Upbit has assured customers that 100% of user losses will be covered using the company’s own reserves. No direct action is required from users, though the exchange has asked for patience while it finalizes its investigation.
Local financial authorities have already begun on-site inspections to assess the breach. However, Upbit has not announced a firm timeline for restoring deposit and withdrawal services.
The event has revived memories of the 2019 Upbit hack, where nearly $50 million was stolen in an attack linked to North Korea’s Lazarus Group. In fact, early reports from reputable news outlets like Reuters and Coindesk hint at the possibility that Lazarus is once again the culprit.
A critical moment for Upbit’s parent company
The hack comes at a pivotal moment for Dunamu. According to a Wednesday filing, Naver Financial will acquire Upbit in a stock swap worth 15.1 trillion won (around $10.3 billion). Naver will issue 87.5 million new shares to Dunamu shareholders, making the company a wholly owned subsidiary.
Additionally, Dunamu plans to pursue a U.S. IPO after the merger, following the footsteps of another major crypto exchange, Kraken, which recently filed for its IPO. Over the next five years, Naver and Dunamu intend to invest roughly $7 billion into expanding Web3 and AI development — an ambitious plan now clouded by the unexpected security incident.
Source:: $36M Upbit Hack Triggers Scrutiny as $10B Acquisition Deal Nears Completion