South Korean crypto exchange Upbit issued an announcement on Nov. 28 from Oh Kyung-seok, CEO of Dunamu, operator of Upbit, stating that the platform had been hit by a cyberattack. The exchange suspended digital asset deposits and withdrawals and began a structural overhaul of its wallet operations to contain the incident.

“I deeply apologize to our members for any inconvenience caused by the cyberattack,” the executive said, according to a translated statement. He added:

This breach is a direct result of Upbit’s inadequate security management, and there is no room for excuses.

“Upbit, which prioritizes member protection, promises that no damage will occur to member assets,” the executive stressed, emphasizing that the platform has reported the cyberattack to relevant authorities as required by law and is investigating the cause and scope of the incident.

The exchange said unusual activity involving a Solana-linked wallet on Nov. 27 triggered an immediate internal review, and analysts analyzing blockchain data identified the issue and implemented containment measures. Upbit noted that the team tracked questionable transfers, froze assets that left the platform, and continued to assist authorities as required under applicable regulations.

Read more: South Korean Crypto Giant Upbit Prepares Nasdaq Bid After Major Merger With Naver

“Upbit has identified approximately 44.5 billion won [$30,311,090] in damaged assets. Members’ assets amounted to approximately 38.6 billion won, of which approximately 2.3 billion won has been frozen. Our own assets amounted to approximately 5.9 billion won,” the CEO detailed, adding:

We reiterate that members’ damaged assets have been fully compensated with Upbit-held assets.

South Korean authorities have opened a formal probe into the breach, with early indicators suggesting potential involvement by the Lazarus Group, the state-backed hacking organization tied to North Korea. Executives said the company activated emergency protocols, strengthened custody and internal processes, and undertook a broad review of its security systems. While the event underscores centralized-platform risks, crypto proponents argue that blockchain transparency supports post-incident analysis and that diversified custody structures can reduce concentrated exposure.

• What triggered Upbit’s suspension of deposits and withdrawals?
  Upbit halted all digital asset flows after detecting unusual activity in a Solana-linked wallet, prompting an immediate cyberattack investigation and security overhaul.
• How financially damaging was the breach for Upbit and its customers?
  The attack affected assets totaling roughly 44.5 billion won, all of which the exchange says have been fully compensated using Upbit-held reserves to protect customer balances.
• What corrective actions has Upbit taken to restore operational security?
  The company initiated emergency protocols, froze suspicious transfers, reinforced custody systems, and began a structural redesign of its wallet operations.
• Why is the incident significant for investors and the broader crypto market?
  The breach highlights centralized-exchange vulnerabilities—with suspected Lazarus Group involvement—while underscoring the value of transparent blockchain forensics and diversified custody models for risk mitigation.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。