Upbit Bounces Back: Crypto Transfers Resume After Security Breach
South Korea's crypto giant flips the switch back on. Deposit and withdrawal services are live again—a calculated move to restore confidence after a system intrusion rattled users.
The Breach and the Bounce
A security incident forced Upbit to slam the brakes on all fund movements. The platform went into lockdown, freezing assets while its security teams scrambled to plug the leak and assess the damage. No customer funds were reported lost, but the halt sent a shiver through its massive user base.
Restoring the Flow
The resumption isn't a full-throttle return. Upbit is implementing enhanced monitoring and stricter verification protocols for all transactions. It's a phased approach—prioritizing stability over speed to prevent any follow-up exploits. The message is clear: security upgrades are now the non-negotiable cost of doing business.
The Trust Equation
For exchanges, security breaches are more than technical failures; they're direct hits to credibility. Restoring services is the easy part. Restoring unwavering trust? That's the multi-year, high-stakes project that follows—and one that traditional finance skeptics will watch with a mix of curiosity and thinly-veiled schadenfreude.
The crypto ecosystem's resilience is being tested in real-time. One exchange's recovery is a litmus test for the entire industry's maturity. Upbit is back online, but the real trading has just begun: regaining user confidence in a market that never forgets a stumble.
Inside the Upbit breach
On November 27, Upbit’s hot wallets were drained of Solana-based tokens, including SOL, USDC, and BONK. The exchange froze ₩12 billion in LAYER tokens and continues tracing the remaining stolen assets, while deposits, withdrawals, and SOL staking remained suspended.
The incident differs from Upbit’s 2019 breach, which focused on Ethereum, and has triggered a new government investigation. Authorities strongly suspect North Korea’s Lazarus Group, with officials noting that the attack closely mirrors methods used in past intrusions.
Investigators believe the attackers may have breached an administrator account rather than exploiting servers. One government official said, “It is possible that the administrator account was hijacked or that the funds were transferred by pretending to be the administrator.”
Upbit detected unauthorized activity at 4:42 a.m. KST and halted all transfers, moving funds to cold storage. Analysts say the breach used multi-stage malware that started with a fake Deriv installer and relied on Python, .NET tools, AnyDesk, and Tor to steal passwords and wallet data while staying hidden.
Getting back online safely
Upbit has pledged to cover 100% of user losses from its corporate reserves. It also worked with token foundations to freeze around $8.18 million of stolen assets, roughly 22% of the total haul.
Deposits and withdrawals are resuming in phases, starting with networks that have passed security checks. The first batch includes Akash Network’s AKT and 213 Ethereum-network tokens such as 1INCH, AAVE, LINK, GRT, SHIB, and UNI. Deposits during the suspension will post gradually as the backlog is cleared.
Some assets (those received through airdrops, delisted tokens, or coins already under separate suspension) will only support withdrawals for now. Previously paused tokens may remain unavailable until related issues are resolved.
Staking features and NFT deposits or withdrawals will restart once system stability is confirmed. The exchange said, “If any changes occur regarding the resumption, we will provide additional information through this notice,” as it continues restoring services following the breach.

