Upbit said it uncovered and patched a serious vulnerability in its internal wallet system while conducting an emergency investigation into the $30 million theft that hit the South Korean exchange earlier this week — but it remains unclear if the flaw was connected to the hack.
According to a translation of a company statement on Friday, CEO Oh Kyung-seok said the exchange identified “a security vulnerability in our system that could have allowed someone analyzing publicly visible Upbit wallet transactions on the blockchain to infer private keys,” referring to the cryptographic credentials that control access to funds.
While normal blockchain data does not reveal private keys, it appears Upbit’s own wallet software had a flaw that produced weak or predictable signature data, meaning an attacker analyzing the crypto exchange’s past onchain transactions could mathematically reconstruct certain wallet private keys due to a serious implementation bug on Upbit’s end.
The exchange did not link the vulnerability to the breach directly and said the issue was discovered only after Upbit began a systemwide review following irregular withdrawals from its Solana-related wallets on Nov. 27.
“We identified and addressed the vulnerability during a comprehensive inspection of all related networks and wallet systems,” Oh said, adding that the company had activated an emergency response system and suspended all deposits and withdrawals until its infrastructure is fully verified as secure.
According to the notice, Upbit confirmed the hack resulted in losses totaling approximately 44.5 billion KRW or roughly $30 million, including 38.6 billion KRW worth an estimated $26 million in customer assets. About 2.3 billion KRW ($1.5 million) of stolen funds have already been frozen, the firm added.
Upbit is now conducting a broader security review across its infrastructure, noting the incident serves as a reminder that “no security system can ever be considered perfect,” pledging deeper upgrades to prevent future breaches.
The crypto exchange said it will provide ongoing public updates and will resume deposits and withdrawals once its wallet systems complete final security checks. The platform has committed to covering all customer losses using its own reserves.
Authorities investigating Lazarus Group involvement
On Nov. 26, the crypto exchange halted withdrawals immediately after detecting abnormal Solana-based outflows, including tokens such as SOL, ORCA, RAY, and JUP, among others.
It subsequently moved remaining assets to cold storage and began a full wallet overhaul.
Upbit is South Korea’s largest exchange by trading volume, operating under parent company Dunamu, which is currently preparing for a merger with internet conglomerate Naver ahead of a potential public market listing.
South Korean authorities have also opened an investigation into the incident.
As The Block reported Thursday, local media outlets have cited early intelligence assessments suggesting North Korea’s Lazarus Group may be a suspect. However, Upbit and regulators have not publicly confirmed attribution.
Upbit said it continues to coordinate with law enforcement and blockchain projects to freeze and recover stolen assets where possible.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Trade Crypto On Coinhub Exchange
Trade Crypto On Coinhub Exchange
Stay ahead of the market by turning news insights into trading opportunities. With Coinhub Exchange, you can seamlessly buy, sell, and manage your digital assets, all in one secure platform. Take advantage of real-time market insights, deep liquidity, and fast execution for your favorite cryptocurrencies. Don’t just read about it — trade crypto now!
Disclaimer
The content of this article shown by Coinhub News, powered by The Block, is for informational purposes only and should not be construed as financial, legal, tax, or investment advice. Coinhub News and its affiliates are not a licensed financial advisor, legal advisor, broker, or tax advisor, and ... should not be considered as professional advice or a recommendation to engage in any specific investment, legal decision, or financial transaction. Cryptocurrency markets are highly speculative and volatile. Readers should perform their own independent research and consult with a qualified professional before making any financial or legal decisions. The opinions expressed in this article are those of the author and do not necessarily represent the views or opinions of the Company of its affiliates. Additionally, the Company does not make any representations or warranties regarding the accuracy, timeliness, reliability, or completeness of any information in this article. By accessing this content, you acknowledge that any reliance on the information contained in this article is solely at your own risk. The Company is not responsible for any financial losses, legal disputes, or other damages that may arise from reliance on this content or from any investment or legal decisions based on the information provided. Investing in cryptocurrencies involves substantial risks, including the risk of losing your entire investment, and you should carefully consider whether it is appropriate for your circumstances.
Read more
