South Korean cryptocurrency exchange Upbit has announced a phased resumption of digital asset deposits and withdrawals starting December 1, 2025, at 1:00 PM KST, following a $37 million security breach that targeted Solana-based assets.
The hack occurred on November 27, 2025, when attackers stole approximately 44.5 billion KRW ($30-36 million USD) from Upbit's hot wallets, focusing on tokens like Solana (SOL), USDC, and Bonk (BONK). The exchange immediately suspended all deposits and withdrawals, moving remaining assets to cold storage to prevent further losses.
Upbit pledged 100% coverage of user losses from its corporate reserves and successfully froze around $8.18 million worth of LAYER tokens in collaboration with token foundations, representing about 22% of the stolen amount. All existing deposit addresses have been deleted, and users must generate new ones to avoid delays.
North Korea's Lazarus Group is suspected of orchestrating the attack, similar to Upbit's 2019 breach involving 342,000 ETH. South Korean authorities believe the hackers compromised administrator accounts, and blockchain analysis shows funds were bridged to Ethereum in an attempt to obscure trails.
Services will restart in phases, beginning with assets that complete security verifications, such as Akash Network's AKT and Ethereum tokens. The Financial Supervisory Service (FSS) is conducting an on-site inspection until December 5, and staking or NFT services will resume after stability checks.
