Upbit’s $30M Security Breach Exposes Critical Wallet Vulnerability

Digital vaults spring leaks as exchange security gets tested yet again.

THE FLAW IN THE SYSTEM

Upbit's security team discovered a critical vulnerability in their wallet infrastructure after hackers siphoned $30 million from exchange reserves. The breach bypassed multiple security layers, exposing fundamental weaknesses in cryptocurrency storage protocols.

INDUSTRY-WAKE UP CALL

This incident marks another multi-million dollar reminder that even established exchanges remain vulnerable to sophisticated attacks. The $30 million heist represents one of the largest security breaches this quarter, shaking investor confidence across digital asset markets.

REGULATORY RECKONING

Financial authorities are already circling—because nothing attracts regulators like nine zeros disappearing from balance sheets. The timing couldn't be worse for an industry desperately trying to prove its maturity to traditional finance skeptics.

SECURITY PARADOX

Exchanges keep building higher walls while hackers keep finding longer ladders. Upbit now joins the growing list of platforms learning that in crypto, security isn't a feature—it's the entire product.

In brief

• Upbit openly acknowledged that flaws in its own wallet system played a role in its recent security breach, taking full responsibility for the lapse.
• The platform confirmed that the issue has now been fully resolved.
• Information from authorities suggests that the North Korean Lazarus hacking group is suspected to be behind the attack, echoing methods seen in a similar 2019 incident.

Upbit Detects Weakness in Wallet System

In its latest communication, Upbit explained that while investigating the $30 million theft detected on November 27, its team examined a large set of the exchange’s wallet transactions recorded on the blockchain and uncovered a flaw that made it possible for private keys to be worked out.

While the exchange said the issue has now been resolved, the vulnerability only came to light during a comprehensive technical review, which was launched after unusual withdrawals were observed from Solana-related wallets.

We analyzed numerous Upbit wallet transactions publicly disclosed on the blockchain, and discovered a security vulnerability that allowed us to deduce private keys (a type of password that allows access to blockchain wallet addresses and assets). We addressed this vulnerability.

To prevent additional damage, Upbit halted all deposits and withdrawals and began tracking and freezing assets that had been moved away from the platform. The company noted that services will resume only when it is confident that the system has stabilized.

Asset Impact and Reimbursement

According to Upbit, the breach affected assets worth roughly 44.5 billion won ($30 million). Around 38.6 billion won ($26 million) belonged to customers, while approximately 2.3 billion won ($1.5 million) of that amount was frozen. The exchange’s own holdings made up the remaining 5.9 billion won. Upbit confirmed that every customer whose funds were involved has already been fully compensated using the exchange’s reserves.

Previous coverage from Cointribune highlighted that the intrusion occurred through one of Upbit’s hot wallets, while its cold wallet stayed untouched. The unusual activity was detected at 4:42 a.m. and involved several solana ecosystem tokens, including Solana, Jupiter, Magic Eden, USDC, and other associated assets. 

Upbit Breach Linked to Lazarus

Upbit has activated emergency procedures across the company and is reviewing its security infrastructure. The exchange emphasized that protecting customer assets remains its top priority, while also noting that this incident highlights how no platform is completely immune to threats.

Meanwhile, information shared through the Yonhap News Agency revealed that the North Korean hacking group Lazarus is believed to be connected to the latest attack, according to government and business sources. In response, authorities plan to carry out an on-site inspection at the exchange to investigate further. Lazarus was also suspected of a previous Upbit attack in 2019, when about 58 billion won worth of ethereum was stolen, and investigators say the techniques used then appear similar to those seen in the recent breach.

Maximize your Cointribune experience with our "Read to Earn" program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.