Upbit Responds to Security Breach
In a significant response to a recent security breach, Upbit, South Korea’s leading cryptocurrency exchange, has invalidated all prior deposit addresses, requiring users to create new ones. This decision follows a substantial hack on November 27, which resulted in the theft of approximately 44.5 billion Korean won, equivalent to an estimated $30–36 million, primarily affecting Solana-based tokens.
Security Measures and User Guidance
The platform made this drastic move during wallet maintenance to enhance security measures and safeguard user assets. Users are urged to generate new deposit addresses through their Upbit accounts before transferring any funds, as old addresses will no longer work and may lead to transaction issues.
The breach saw attackers transferring Solana tokens from Upbit’s hot wallets to an unauthorized account, prompting the exchange to suspend all deposit and withdrawal activities temporarily. During this period, Upbit relocated remaining assets into cold storage and conducted a comprehensive review of its wallet systems.
Resumption of Services and User Protection
As part of the ongoing recovery, Upbit has started a phased resumption of deposits and withdrawals for selected cryptocurrencies while completing security audits. In a proactive stance, the exchange has advised customers to eliminate any previously stored deposit addresses from their personal wallets or other platforms to mitigate the risk of misuse, emphasizing the importance of using only the newly issued addresses.
Importantly, Upbit has committed to covering all losses incurred by affected users through its corporate reserves, ensuring that customers will not have to face financial repercussions from the Solana wallet breach. The exchange’s parent company, Dunamu, revealed that most of the affected assets belonged to users and assured that they will absorb the financial impact as services are restored.
Investigation and Future Security Enhancements
In a collaborative effort with blockchain analytics firms and project teams, some of the stolen funds have already been frozen as investigations continue. This action has locked a portion of the stolen assets while authorities track other coins that were moved during the attack.
On a broader scale, the Korea Internet and Security Agency, alongside the Financial Supervisory Service, has launched an official investigation into the incident. There are indications that the attack could be linked to North Korea’s notorious Lazarus Group, which has been connected to previous cryptocurrency-related hacks. As a part of its response, Upbit has announced a comprehensive overhaul of its wallet infrastructure and security protocols, with ongoing restrictions until a thorough review is finalized.
