Upbit faces another security crisis after acquisition: Was it the work of North Korean hackers?

链捕手 ChainCatcher
链捕手 ChainCatcher

South Korean cryptocurrency exchange Upbit has suffered a security breach, with approximately $30.43 million in Solana network assets stolen. The exchange has frozen about $1.57 million and is tracking the remaining funds, while committing to fully reimburse affected users from its own assets.

Key Points:

  • This incident occurred on the anniversary of a major 2019 hack also attributed to North Korean hackers.
  • Upbit has transferred all remaining assets to cold storage and is conducting security audits.
  • The theft comes just after parent company Dunamu announced a $10.3 billion merger with Naver Financial.
  • The merger aims to promote Korean won stablecoin development and pave the way for Upbit's potential Nasdaq IPO.
  • South Korean regulators have immediately launched an inspection following the hack.
  • This security crisis follows recent regulatory challenges, including a $25 million fine for KYC violations in November.
  • The timing poses significant challenges to Upbit's expansion plans and potential US listing ambitions.
Summary

Author: Chloe, ChainCatcher

South Korean cryptocurrency exchange Upbit disclosed that it detected abnormal withdrawals around 4:00 AM today, with approximately 44.5 billion won (about US$30.43 million) of Solana network assets (including SOL, USDC, and a range of smaller tokens) transferred to an unspecified external wallet. Upbit stated, "We immediately confirmed the outflow of assets due to the abnormal withdrawal and will use Upbit's assets to reimburse the full amount to ensure user assets are not compromised."

Upbit has frozen approximately 2.3 billion won (about US$1.57 million) in funds, and other assets are being tracked.

The exchange quickly blocked its infrastructure after the incident, transferred all assets to secure cold wallets to prevent unauthorized transfers, and conducted security audits on each wallet and signature system.

Coincidentally, Upbit was also hacked six years ago today. According to Cryptonews, the incident was attributed to North Korean hackers, and the stolen ETH was worth approximately $41.5 million. After the theft, Upbit also used its own funds to pay off the entire amount and suspended trading for two weeks.

Upbit has stated that it is collaborating with multiple projects and relevant institutions to attempt to further freeze or recover the stolen tokens and is preparing to transfer the information to law enforcement agencies. According to South Korean media outlet BlockMedia, the Virtual Asset Supervisory Service of the Financial Supervisory Authority of Korea has immediately launched an inspection of the platform. The Financial Supervisory Authority stated, "We are aware of this hacking incident and are currently investigating the details of the attack, the extent of the damage, and the measures taken to protect customer assets."

Furthermore, according to Beosin Trace's analysis, some of the funds that abnormally flowed out of Upbit have begun to be transferred. Binance user addresses (starting with 2zR) received SOL abnormally flowing out of Upbit from multiple intermediary addresses after the incident, currently receiving a total of approximately $315,000 worth of SOL.

Crypto Quant founder Ki Young Ju also posted on the X platform that after Upbit suspended withdrawals due to a hacker attack, the arbitrage bot temporarily stopped working, and South Korean retail investors took the opportunity to drive up the prices of various altcoins on the platform.

The merger was announced shortly after the acquisition was announced, but deposits and withdrawals were suspended due to asset theft.

Upbit's parent company, Dunamu, just announced its merger with Naver Financial yesterday. The deal is valued at approximately $10.3 billion, making it one of the largest mergers in South Korean financial history. In addition to promoting the Korean won stablecoin and payment ecosystem, it also paves the way for Upbit's listing in the United States.

Previous reports indicated that the two boards of directors would merge through an all-stock swap. In this share swap, Dunamu's share price was 439,252 won, and Naver Financial's share price was 172,780 won, a ratio of 1:2.54. Dunamu's co-founders would hold approximately 30% of the merged shares, becoming the largest shareholder. Furthermore, to avoid violating South Korean antitrust regulations, Dunamu would delegate more than half of its voting rights to Naver, ensuring the merger structure could be successfully approved.

Dunamu's recent financial report solidified its leading position among South Korean digital asset exchanges. In the third quarter of this year, its net revenue increased by 300% year-on-year to $165 million, more than 300% higher than the same period last year. This financial performance has given a strong boost to the acquisition.

This acquisition further demonstrates the high degree of complementarity between the two companies' businesses. Naver, a leading South Korean technology giant, has expanded its business from its initial search engine to multiple sectors including e-commerce (Naver Shopping), payments (Naver Pay), and digital content (Naver Webtoon), forming a complete business ecosystem. Furthermore, with the launch of Dunamu's self-developed L2 GIWA Chain, it has moved beyond its exchange business, transforming into a blockchain infrastructure provider, perfectly complementing Naver's diversified business scenarios. In addition, this merger lays the foundation for a Korean Won stablecoin. Dunamu's Korean Won stablecoin under development will use Naver Pay as its core issuance channel, thus connecting the entire chain from the blockchain infrastructure to user-end payments.

However, due to issues involving stablecoin risks, exchange compliance, and market competition, this transaction still requires review by South Korea's financial regulatory agency and the Fair Trade Commission. Furthermore, in early November, Dunamu was fined approximately $25 million by South Korea's Financial Intelligence Unit (FIU) for KYC violations. Upbit also suspended new user registrations and deposits/withdrawals for three months.

South Korean regulators' crackdown on exchanges poses a challenge to Upbit's Nasdaq IPO.

This is one of the heaviest fines ever levied against a cryptocurrency exchange in South Korea in recent years, and is part of a broader enforcement campaign by the South Korean government to combat anti-money laundering and KYC violations in the cryptocurrency industry.

The FIU stated that "during its anti-money laundering review of Dunamu, approximately 5.3 million KYC violations were discovered." The agency also noted that Dunamu failed to report 15 suspicious transactions.

According to CoinDesk, Dunamu did not immediately plead guilty to the hefty fine and is even conducting an internal review and will appeal. A Dunamu spokesperson also emphasized that the FIU had previously made errors in judgment. "The FIU previously fined Hanbitco 2 billion won for KYC deficiencies involving approximately 200 users, but the Seoul court subsequently overturned the fine, determining that the case did not constitute money laundering."

However, this time the South Korean regulators did not back down, conducting thorough investigations of Dunamu, Korbit, GOPAX, Bithumb, and Coinone. According to the FIU report, in reviewing their anti-money laundering and other regulatory compliance, it was found that Bithumb, Coinone, Korbit, and GOPAX had also violated multiple regulations.

As South Korea's largest cryptocurrency exchange, Upbit's recent troubles, from the penalties it faced earlier this month to the theft of its assets, all occurred around the time Dunamu and Naver Financial announced their merger plans yesterday. This is especially significant given the sensitive period when Upbit is considering a Nasdaq IPO after the merger, undoubtedly posing a challenge to its expansion plans.

Share to:

Author: 链捕手 ChainCatcher

Opinions belong to the column author and do not represent PANews.

This content is not investment advice.

Image source: 链捕手 ChainCatcher. If there is any infringement, please contact the author for removal.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
NancyNancy
While Wall Street is still debating, the digital yuan has already started "distributing money" to users.
WolfDAOWolfDAO
RWA、Meme和隐私:2026年谁才是真正的Alpha来源?
PA一线PA一线
The CFTC chairman announced the launch of the "Future Proof" program to upgrade the agency's approach to cryptocurrency regulation.
PA一线PA一线
Bloomberg: Inadequate US regulation will jeopardize the future of the crypto industry
Tiger Research Tiger Research
Tiger Research:假如我是Kaito的创始人,面对InfoFi的变局会如何决策?
PA一线PA一线
Portuguese regulators have ordered the prediction market Polymarket to cease operations in the country.

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe