Ddos 
South Korea’s largest cryptocurrency exchange, UPBIT, has suffered a major cyberattack. According to an official announcement from the exchange, digital assets worth 54 billion KRW (approximately USD 369 million) were transferred to an unknown wallet. In response, UPBIT has suspended all cryptocurrency withdrawals.
Timestamp data shows that the attacker moved multiple Solana-based tokens from UPBIT to an unidentified wallet at 04:42 on 27 November 2025 (UTC+0900). Once the anomaly was detected, UPBIT immediately began transferring all remaining assets into secure cold-storage wallets.
The exchange is now working with South Korean law enforcement to track the stolen funds. The good news: tokens valued at roughly 12 billion KRW have already been frozen on-chain. Before the attacker can fully move the assets or launder them through mixers, additional funds may still be frozen and recovered.
UPBIT has pledged to cover all losses with its own capital, ensuring that none of its users will suffer financial harm. Once the asset audit is completed, the exchange will resume withdrawals, and all customer funds will once again be accessible.
It remains unclear how the attacker carried out the intrusion. Since the assets were drained from a hot wallet, a security vulnerability within the exchange is the most likely cause. The hacker may have been lurking within UPBIT’s infrastructure for some time, waiting for the weakest moment to execute the transfer in the early hours of the morning.
Related Posts:
- South Korea’s largest cryptocurrency exchange, Upbit was investigated by Korea’s Financial Watchdog
- Sony Ends 18-Year Presence in Russia, Completing its Market Withdrawal
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
