Upbit Hack Overshadows Naver’s Acquisition of Dunamu as ₩54B Solana Breach Halts Transfers

TL;DR

• Upbit suffered a ₩54B ($37M) Solana hot-wallet breach, forcing an immediate halt to Solana deposits and withdrawals.
• The incident hit hours after Naver announced its acquisition of Dunamu, overshadowing one of Korea’s biggest digital-asset deals.
• Upbit says it will fully reimburse all user losses, while regulators intensify scrutiny amid an already tense compliance environment.

South Korea’s largest crypto exchange, Upbit, halted Solana deposits and withdrawals on Wednesday after detecting unauthorized transactions draining roughly ₩54 billion (about $37 million) from one of its operational wallets. The Upbit hack, which the exchange described as an “abnormal withdrawal activity” incident, forced the immediate freeze of Solana-network services. It also triggered a wider migration of assets into cold storage.

The breach landed at a highly sensitive moment. Just hours earlier, Naver Financial announced a stock-swap acquisition of Dunamu, Upbit’s parent company. The deal would fold South Korea’s largest crypto platform into one of the country’s most powerful tech conglomerates. Instead of dominating the news cycle, the merger was eclipsed by the exchange’s latest security failure.

A Hot-Wallet Breach Limited to Solana Assets

Upbit said the incident was contained to a single Solana hot wallet. The wallet handled daily operational flows such as customer withdrawals. The exchange confirmed that it immediately transferred all remaining Solana tokens from the wallet to cold storage after detecting the breach.

A preliminary review shows that the attackers siphoned off a wide mix of assets. These included majors like SOL and USDC, ecosystem tokens such as JUP, RAY, RENDER, ORCA and PYTH, and high-volume memecoins that trade heavily on Korean exchanges. Among them were BONK, TRUMP, MOODENG and smaller Solana-native tokens. The list aligns with on-chain tracking performed by multiple analytics firms. It also reflects user queries about which tokens were stolen in the Upbit hack.

Upbit stressed that no other networks were affected. It also said the intrusion did not compromise cold wallets, which hold the majority of customer and corporate assets.

Operational Freeze and User Assurances

Within minutes of identifying the breach, Upbit initiated a full suspension of Solana withdrawals. It also disabled deposits for all Solana-based tokens. The company moved remaining assets from its Solana hot wallet into cold storage and began working with blockchain forensics teams and Korean authorities. Investigators are now tracing the stolen funds. Early indications suggest that portions of the tokens have already been flagged or frozen on-chain.

Most critically for customers, the exchange said it will fully cover the loss using corporate reserves. Upbit emphasized that the incident will not affect user balances and also confirmed that it has reconciled all accounting for the $37M Solana breach.

This assurance is essential for South Korean users, who rely heavily on local exchanges due to the country’s closed capital system rules. Earlier exchange failures in the region, particularly during the 2022–2023 restructuring cycle, have made users wary of platform risk.

A Corporate Megadeal Collides With a Security Crisis

The most damaging aspect of the breach may not be the loss itself. Its proximity to one of the biggest corporate moves in the Korean fintech and digital-asset sector is more significant. The Naver–Dunamu merger, executed via a multibillion-dollar stock swap, aims to position Naver as a major player in blockchain infrastructure, digital identity, tokenization and AI-driven financial services.

Instead of celebrating a milestone that would make Upbit part of the Naver ecosystem, headlines quickly shifted to a security lapse at the very exchange Naver is acquiring. In a country where tech conglomerates shape national strategy, the optics were severe. Hours after one of Korea’s most influential companies announced its entry into digital assets through a high-profile merger, the centerpiece of that acquisition suffered a hot-wallet breach.

The episode complicates Naver’s narrative. The merger was designed to project institutional scale and stability. It was also intended to demonstrate readiness for regulated Web3 services. Instead, the breach revived concerns about operational vulnerabilities.

Six Years After the 2019 Upbit Hack, History Echoes

The incident also revives uncomfortable memories of the 2019 attack on Upbit. In that event, hackers stole 342,000 ETH from the exchange’s hot wallet, worth roughly ₩58 billion at the time. Korean authorities later attributed the breach to North Korea–linked groups.

There is no evidence or attribution yet for the current attack. Even so, the recurrence, ie, similar month, similar wallet tier, similar operational vectors, adds symbolic weight. Korean media quickly noted the six-year parallel. They also pointed out that the new breach arrives just as Upbit is being absorbed into a larger corporate structure.

Regulators Were Already Watching Closely

The timing intersects with an already tense regulatory environment. Upbit recently received a fine from Korea’s FIU and a temporary three-month ban on onboarding new users. The enforcement campaign aims to tighten domestic compliance frameworks. Regulators have also been vocal about hot-wallet risk, exchange liquidity transparency and the need for real-time monitoring tools.

The new incident will likely accelerate discussions over how Korea will regulate exchanges after the Upbit hack. Lawmakers could consider stricter caps on hot-wallet balances and mandatory cyber-insurance requirements. They may also push for expanded oversight of operational security practices. With the incoming Naver–Dunamu consolidation, regulators are likely to ask how the merged entity plans to enforce safety across a larger financial ecosystem.

Market Reaction: Contained and Exchange-Specific

Despite the size of the loss, market reaction across the Solana ecosystem remained contained. SOL traded within a narrow band following the news. The SOL price reaction was muted for an event involving a top Asian exchange.

Memecoins such as BONK, TRUMP and MOODENG saw brief intraday swings. They avoided the kind of cascading sell-offs associated with protocol-level failures. Analysts noted that the impact of Upbit hack on the Solana ecosystem was minimal because the event was clearly exchange-specific. It did not indicate an issue with Solana’s consensus or security model.

This decoupling reflects a growing maturity in crypto markets. Investors increasingly distinguish between operational risks at centralized exchanges and vulnerabilities within blockchain networks.

>>> Read more: Balancer Hack 2025: $128M Exploit Hits DeFi Forks

What Comes Next

Upbit says it will restore Solana transactions once security reviews are complete. It has not provided a specific timeline. Investigators are tracing the stolen funds across multiple addresses. Korean authorities are conducting a formal review of Upbit’s systems and incident response procedures.

Naver now faces an early stress test of an acquisition meant to expand its presence in digital finance and Web3 infrastructure. Regulators, meanwhile, are likely to treat the incident as a catalyst for tighter oversight. And users will ultimately judge Upbit on one metric only: whether the exchange fully compensates every loss.

The merger may reshape Korea’s digital-asset landscape. Even so, the timing of this breach ensures that the road to integration begins under scrutiny rather than celebration.