South Korea’s largest cryptocurrency exchange, Upbit, suffered a $37 million breach of its Solana hot wallet early Tuesday, with preliminary evidence pointing to North Korea’s Lazarus Group in the latest state-sponsored attack on the industry.
The breach occurred at 4:42 a.m. KST on November 27, 2025, when abnormal outflows totaling 54 billion South Korean won moved assets including SOL, USDC, JUP, RAY, PYTH, ORCA, BONK, and memecoins like MEW, PENGU, and MOODENG to an external wallet (hmowmhpFCy5n9pCWJh1xxymxQFRKaKbfX4kqLkfoaoC), as detailed in a thread on X.
Upbit $37M Solana Wallet Hack 🧵
> Upbit’s Solana hot wallet got hacked.
> Hack happened at 04:42 a.m. KST.
> Total Hacked amount: $37M across 20+ tokens.
Major tokens drained:
– SOL
– USDC
Memecoins:
– MEW
– BONK
– PENGU
– TRUMP
– MOODENG
DeFi tokens:
– JTO
– JUP
-… pic.twitter.com/nbJoTuwQ8W
— Param (@Param_eth) November 27, 2025
Upbit immediately suspended Solana deposits and withdrawals, moved remaining funds to cold storage, and froze $8.18 million in LAYER tokens. The exchange also pledged full compensation from reserves, ensuring no user losses, and launched a security audit with authorities.
On-chain analysts and security firms, including SlowMist and Failsafe, are tracking the stolen funds across the multiple wallets and chains the attacker is using to launder them. Notably, no smart-contract vulnerabilities were exploited, suggesting the attacker must have gained access through compromised keys or phishing.
🚨 Failsafe Hack Alert: @Official_Upbit Compromised
At ~04:42 KST today, Upbit’s Solana hot wallets were breached, resulting in ₩54B KRW (~$36.8M) being transferred to an external, unauthorized wallet.
Affected assets tracked so far include:
SOL, USDC, RENDER, PYTH, ORCA,… pic.twitter.com/CnDh4jk2mV
— FailSafe (@getfailsafe) November 27, 2025
This is the second major breach attributed to Lazarus at Upbit, following the $49 million Ethereum theft in 2019.
The Lazarus Group is a North Korean state-sponsored cybercrime and espionage organization, widely regarded as one of the most prolific and dangerous hacking collectives in the world. North Korean hacking groups have stolen an estimated $3 billion in cryptocurrency since 2017, according to United Nations reports.
Analysts say exchange hacks are slowly becoming a matter of regional concern. In February 2025, prosecutors charged three people for a multimillion-dollar Bybit scam, and India’s WazirX only resumed operations in October 2025 after losing $230 million in July 2024.
Upbit, which handles $11 billion in assets, accounts for 80% of Korea’s crypto volume. The hack could have knocked a significant amount off SOL’s price intraday, but Upbit’s response was swift enough to limit panic withdrawals.
Bitcoin traded at $87,604 on November 27, up 0.25%. For exchanges, this underscores the need for multi-sig cold storage and AI-driven anomaly detection amid state-sponsored threats.
