Binance Fires Back: ’Delayed Response’ Claims in Upbit Hack Investigation Are Baseless
Binance just slammed allegations it dragged its feet during the Upbit hack probe—calling the narrative pure fiction.
The Counter-Narrative
Sources close to the exchange detail a coordinated, cross-border effort that started within hours of the initial alert. The team reportedly traced wallets, flagged transactions, and shared intelligence with multiple agencies—standard protocol for an outfit that handles more volume than some small countries' GDP.
Security Theater or Real Ops?
Critics argue the public sees only the final act—the frozen assets, the official statements—missing the behind-the-scenes scramble that defines effective crisis response. In crypto, speed is measured in block confirmations, not press releases.
The Bigger Picture
This spat highlights the fragile trust underpinning inter-exchange cooperation. When billions move on-chain, collaboration isn't courtesy—it's survival. Yet every alliance faces the age-old finance question: who gets the blame when things go south, and who takes the credit when they don't?
Binance's rebuttal cuts through the noise—a reminder that in this industry, the loudest story isn't always the true one. Sometimes, the real work happens in the silent spaces between transactions.
Binance Says It Acted Promptly and Worked With Law Enforcement
The exchange added that it has been working closely with law enforcement and other relevant parties since the incident.
“We continue to monitor the situation closely and provide support as needed,” the spokesperson said, stressing that any claims suggesting Binance did not take prompt or effective action are “unsubstantiated and inaccurate.”
The response follows a report published last week citing South Korean investigators, who claimed Binance froze only a small portion of the funds stolen during the Upbit breach.
According to local media, authorities said roughly 17% of the assets flagged for freezing were ultimately locked down.
Investigators allege that the hackers behind the attack moved quickly, dispersing stolen funds across more than a thousand wallets within hours of the breach on Nov. 27.
Korean authorities say @Binance froze only a small portion of the crypto stolen during last month’s @Official_Upbit hack.#SouthKorea #Binancehttps://t.co/o5VVQN9tYp
Security analysts said the group used a combination of chain hopping, token swaps, and bridges to obscure transaction trails, a tactic that complicated recovery efforts.
Authorities said that a significant share of the laundered assets eventually reached service wallets on Binance.
Upbit and police reportedly requested an immediate freeze on around 470 million won (approximately $370,000) worth of solana tokens believed to have entered the exchange.
Of that amount, about 80 million won (roughly $75,000) was frozen, with Binance citing the need for additional verification before taking broader action, per previous claims by Korean authorities.
Upbit Moves 99% of Customer Assets to Cold Storage After $30M Hack
As reported, Upbit is shifting nearly all customer assets into cold storage after hackers stole 44.5 billion won (about $30 million) from its Solana hot wallet, marking one of the strongest security responses yet by a major exchange.
Operator Dunamu said the platform will raise its cold wallet ratio to 99% and reduce hot wallet exposure to effectively zero, far above South Korea’s legal requirement that 80% of user funds be stored offline.
The exchange already held 98.33% of assets in cold storage at the end of October, the highest among domestic platforms, but accelerated its overhaul following the breach.
Meanwhile, South Korean authorities have launched an investigation, and local reports have cited early intelligence assessments that allegedly connect the intrusion to North Korea’s Lazarus Group.
