South Korea's largest exchange Upbit attacked, brief analysis of the incident

PANews

Preface

At 4:42 AM on November 27, the largest cryptocurrency exchange in South Korea, Upbit, experienced a security incident where its hot wallet on the Solana chain was hacked, resulting in a large amount of assets being illegally transferred.

This incident occurred on the same day that Upbit's operator, Dunamu, announced a merger plan with Naver Financial, raising widespread concerns in the market about the security of cryptocurrency exchanges.

Incident Overview

According to an official statement released by Dunamu, the operator of Upbit, the hacking attack occurred at 4:42 AM on November 27.

After detecting abnormal activity, Upbit immediately suspended all deposit and withdrawal services for virtual assets and initiated a comprehensive security review.

Dunamu's CEO, Oh Kyung-seok, confirmed the incident in a notice to customers and emphasized that the company would use its own funds to fully compensate users for their losses.

The attack was targeted: it was aimed specifically at Upbit's assets on the Solana network and involved various Solana-based tokens.

Loss Amount

Different sources have reported slightly different figures for the scale of the losses caused by this attack.

In the early stages of the incident, the amount stolen was disclosed to be approximately 54 billion Korean won (equivalent to 36.8 million USD), involving various Solana ecosystem tokens such as SOL, BONK, and JUP. Subsequently, Upbit revised the loss to 44.5 billion Korean won (about 30.43 million USD) and successfully froze some related assets (approximately 1.57 million USD).

The specific vulnerability exploited and the details of the theft have not yet been officially disclosed. Upbit has revealed only that the hacker transferred assets to an unauthorized external wallet and that the platform has urgently moved the remaining assets to cold wallets.

In comparison, Upbit suffered a hacking attack in 2019 that resulted in the theft of 340,000 ETH, which was worth about 58 billion Korean won at the time.

Security Vulnerabilities and Comparison

It is speculated that the attackers may have gained access to the private key of the hot wallet Upbit uses for the Solana ecosystem, or that the signing server was directly compromised.

This allowed the hackers to "drain" all SPL tokens held by that wallet, rather than targeting just one specific token.

Upbit responded by stating that the attack affected only the hot wallet it operates, and that there were no security vulnerabilities or asset thefts in the company's cold wallets.

As a countermeasure, Upbit has successfully frozen some of the stolen assets, including approximately 230 million Korean won worth of Solayer tokens.
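The multi-token drain described above leaves a recognisable pattern in a wallet's outflows: many different tokens leaving for non-internal destinations within minutes. The sketch below is an added example, not code from the original article or from Upbit; the field names, thresholds, wallet names and sample transfers are all constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    ts: int      # unix seconds
    source: str  # sending wallet
    dest: str    # receiving wallet
    mint: str    # token label (a real feed would carry the SPL mint address)
    usd: float   # estimated value of the transfer

def detect_drain(transfers, hot_wallet, allowlist,
                 window_s=600, min_mints=3, min_usd=100_000):
    """Alert when outflows from hot_wallet to non-allowlisted destinations
    cover >= min_mints distinct tokens and >= min_usd inside window_s."""
    window, alerts, alerting = deque(), [], False
    for t in sorted(transfers, key=lambda x: x.ts):
        # Ignore other wallets and moves to internal (allowlisted) wallets.
        if t.source != hot_wallet or t.dest in allowlist:
            continue
        window.append(t)
        while window[0].ts < t.ts - window_s:  # slide the time window
            window.popleft()
        mints = {w.mint for w in window}
        total = sum(w.usd for w in window)
        hit = len(mints) >= min_mints and total >= min_usd
        if hit and not alerting:  # one alert per burst, at first crossing
            alerts.append({"ts": t.ts, "mints": sorted(mints), "usd": total,
                           "dests": sorted({w.dest for w in window})})
        alerting = hit
    return alerts

# Constructed sample data: two routine withdrawals, a burst, a cold sweep.
HOT = "HotWalletExample"
ALLOW = {"ColdWalletExample"}
SAMPLE = [
    Transfer(1000, HOT, "UserAExample", "SOL", 500.0),
    Transfer(4000, HOT, "UserBExample", "JUP", 120.0),
    Transfer(9000, HOT, "UnknownExample", "SOL", 400_000.0),
    Transfer(9020, HOT, "UnknownExample", "BONK", 150_000.0),
    Transfer(9045, HOT, "UnknownExample", "JUP", 90_000.0),
    Transfer(9100, HOT, "ColdWalletExample", "SOL", 2_000_000.0),
]

if __name__ == "__main__":
    for alert in detect_drain(SAMPLE, HOT, ALLOW):
        print(alert)
```

The value threshold is what separates this from ordinary withdrawal traffic, which also spans many tokens; tune it and the window to the wallet's normal volume.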

Conclusion

The Upbit incident serves as a wake-up call: security management is never finished. The Zero Time Technology security team reminds all exchanges and project teams that they must establish a defense-in-depth system: implementing strict limits on hot wallets and using multi-signature mechanisms, ensuring private key storage is disconnected from the network, and conducting regular security audits and attack-defense drills for core business systems. Meanwhile, we advise ordinary users to store large assets in self-managed cold wallets, keeping only a small amount of funds on exchanges. Security is no small matter, and the Zero Time Technology security team will continue to build a solid security defense for the industry through threat intelligence and vulnerability research.
