Upbit Hacked: $37 Million Stolen Due to Wallet Vulnerability

On November 27, Upbit, the largest cryptocurrency exchange in South Korea, suspended withdrawals following an attack that led to the theft of $36.8 million in assets.

The company reported that the hack was due to a vulnerability in its internal system.

The issue was related to Upbit’s wallet software, which generated weak or predictable digital signature data, enabling the attackers to mathematically reconstruct the private keys of certain wallets by analyzing the exchange’s transaction history.
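A defender-side audit for the simplest form of this weakness, given as an added example that is not code from Upbit or from the article. It assumes Ed25519 signatures (the scheme Solana uses), where the first 32 bytes of each 64-byte signature are the nonce commitment R. The record layout, wallet labels and sample values are constructed for illustration.

```python
from collections import defaultdict

def find_reused_nonces(records):
    """Flag signers that produced the same R with different S values.

    records: iterable of (signer, signature_hex, tx_id) tuples
    (hypothetical layout; hex is used here to stay in the standard library).
    One signer, same R, different S means one nonce signed two different
    messages, which exposes the signing key. Identical signatures
    (same R and same S) are rebroadcasts and are ignored.
    """
    groups = defaultdict(dict)  # (signer, R) -> {S: first tx_id seen}
    for signer, sig_hex, tx_id in records:
        sig = bytes.fromhex(sig_hex)
        if len(sig) != 64:
            raise ValueError(f"{tx_id}: expected 64-byte signature, got {len(sig)}")
        r, s = sig[:32], sig[32:]
        groups[(signer, r)].setdefault(s, tx_id)

    findings = []
    for (signer, r), by_s in groups.items():
        if len(by_s) > 1:
            findings.append(
                {"signer": signer, "R": r.hex(), "txs": sorted(by_s.values())}
            )
    return findings

# Constructed sample history: placeholder byte patterns, not real signatures.
SAMPLE = [
    ("hot-wallet-1", "11" * 32 + "aa" * 32, "tx1"),
    ("hot-wallet-1", "11" * 32 + "bb" * 32, "tx2"),      # same R, new S: reuse
    ("hot-wallet-1", "22" * 32 + "cc" * 32, "tx3"),
    ("hot-wallet-1", "22" * 32 + "cc" * 32, "tx3-dup"),  # identical sig: benign
    ("hot-wallet-2", "11" * 32 + "dd" * 32, "tx4"),      # other signer: benign
]

if __name__ == "__main__":
    for finding in find_reused_nonces(SAMPLE):
        print(finding)
```

This check only catches exact nonce repetition. Nonces that are biased or predictable without repeating leave no duplicate R and need a review of the signing code and its randomness source instead.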

According to local media, authorities are also investigating the potential involvement of North Korean hacking group Lazarus in the attack, although this information has not been officially confirmed.

The incident took place on the Solana network. Around four in the morning local time, a portion of the tokens was transferred to an unknown external wallet.

The affected assets included SOL, 2Z, ACS, BONK, DOOD, DRIFT, HUMA, IO, JTO, JUP, LAYER, ME, MEW, MOODENG, ORCA, PENGU, PYTH, RAY, RENDER, SONIC, SOON, TRUMP, USDC, and W.

Upbit has transferred all tokens to secure cold wallets. A portion of the stolen assets, specifically LAYER tokens worth $8.18 million, has been successfully frozen.

The exchange stated it is collaborating with blockchain security teams and law enforcement to investigate the incident. Representatives of the platform emphasized that users will be fully compensated for their losses through the company’s reserves.

Details of the attack are yet to be disclosed.

AML/KYC analyst Dmitry Poida from the provider “Shard” pointed out that the breach might have resulted from a compromise of the hot wallet or the withdrawal infrastructure of the exchange.

A less likely scenario is a problem with the logic governing the withdrawal module on the Solana network. Upbit’s mention of an “emergency security check” on its systems indirectly suggests this possibility.

“This network differs in its transaction architecture, and errors in such modules can sometimes allow the manipulation of withdrawal addresses or sidestep verification procedures,” the expert explained.

The attackers’ focus on low-liquidity and new coins further corroborates the theory of a hot wallet breach on the Solana network. According to Poida, addresses used in this context typically do not hold the most liquid or largest tokens, which enter during the exchange’s handling of client withdrawals and deposits.

When discussing the chances of recovering all the stolen funds, the analyst stressed that after engaging the Korean cyber police, financial regulators, and the Solana project team, those chances “could increase significantly.”

“Upbit is the largest exchange in South Korea; such firms work closely with regulators and law enforcement. This is not a global anonymous crypto platform but part of the formally regulated fintech infrastructure of the country,” Poida concluded.

On November 26, South Korea’s leading IT conglomerate, Naver Financial, announced its acquisition of Dunamu, the operator of Upbit. The deal was valued at $10.29 billion. Following the merger, both companies will remain autonomous and continue operating within their current business lines.

According to sources, in light of the recent events, the exchange is preparing for an IPO.

Dunamu shareholders will have the opportunity to exchange their shares for Naver Financial stocks at an agreed exchange rate of 1:3.3, after which Dunamu will come under Naver’s control.

The chairman of Dunamu, Song Chi-hyun, and vice-chairman Kim Hyun-nen will become the largest stakeholders in the merged entity, holding a combined 30% stake.

The CEO of the exchange operator, Oh Kyun-sok, stated that both companies aim to develop their own stablecoin, pegged to the South Korean won. Earlier, local media reported that in December, Naver would launch a wallet for “stable coins” as part of a pilot project in Busan.

Recently, it was also reported that over the next five years, Naver and Dunamu would invest approximately $6.8 billion in building AI and blockchain-based financial infrastructure.

It’s worth recalling that in November last year, South Korean authorities discovered up to 600,000 KYC violations at Upbit.