Upbit Uncovers Wallet Vulnerability After $30M Hack
Upbit has provided an update on the recent hack, admitting that gaps in its security processes played a role in the incident. The company accepted full responsibility and stressed that ‘there is no room for excuses.’
In brief
- Upbit openly acknowledged that flaws in its own wallet system played a role in its recent security breach, taking full responsibility for the lapse.
- The platform confirmed that the issue has now been fully resolved.
- Information from authorities suggests that the North Korean Lazarus hacking group is suspected to be behind the attack, echoing methods seen in a similar 2019 incident.
Upbit Detects Weakness in Wallet System
In its latest communication, Upbit explained that while investigating the $30 million theft detected on November 27, its team examined a large set of the exchange’s wallet transactions recorded on the blockchain and uncovered a flaw that made it possible for private keys to be worked out.
While the exchange said the issue has now been resolved, the vulnerability only came to light during a comprehensive technical review, which was launched after unusual withdrawals were observed from Solana-related wallets.
We analyzed numerous Upbit wallet transactions publicly disclosed on the blockchain, and discovered a security vulnerability that allowed us to deduce private keys (a type of password that allows access to blockchain wallet addresses and assets). We addressed this vulnerability.
Oh Kyung-seok, CEO of Dunamu
To prevent additional damage, Upbit halted all deposits and withdrawals and began tracking and freezing assets that had been moved away from the platform. The company noted that services will resume only when it is confident that the system has stabilized.
Asset Impact and Reimbursement
According to Upbit, the breach affected assets worth roughly 44.5 billion won ($30 million). Around 38.6 billion won ($26 million) belonged to customers, while approximately 2.3 billion won ($1.5 million) of that amount was frozen. The exchange’s own holdings made up the remaining 5.9 billion won. Upbit confirmed that every customer whose funds were involved has already been fully compensated using the exchange’s reserves.
Previous coverage from Cointribune highlighted that the intrusion occurred through one of Upbit’s hot wallets, while its cold wallet stayed untouched. The unusual activity was detected at 4:42 a.m. and involved several Solana ecosystem tokens, including Solana, Jupiter, Magic Eden, USDC, and other associated assets.
Upbit Breach Linked to Lazarus
Upbit has activated emergency procedures across the company and is reviewing its security infrastructure. The exchange emphasized that protecting customer assets remains its top priority, while also noting that this incident highlights how no platform is completely immune to threats.
Meanwhile, information shared through the Yonhap News Agency revealed that the North Korean hacking group Lazarus is believed to be connected to the latest attack, according to government and business sources. In response, authorities plan to carry out an on-site inspection at the exchange to investigate further. Lazarus was also suspected of a previous Upbit attack in 2019, when about 58 billion won worth of Ethereum was stolen, and investigators say the techniques used then appear similar to those seen in the recent breach.
Maximize your Cointribune experience with our "Read to Earn" program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.
Ifeoluwa specializes in Web3 writing and marketing, with over 5 years of experience creating insightful and strategic content. Beyond this, he trades crypto and is skilled at conducting technical, fundamental, and on-chain analyses.
The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.