South Korean cryptocurrency exchange Upbit is in the spotlight following a significant security breach amounting to $30 million. This incident has prompted an urgent internal audit, uncovering vulnerabilities within the platform’s wallet system, raising concerns about potential risks associated with private keys.
Urgent Audit Reveals Wallet Vulnerabilities
The emergency audit, initiated after unusual activities were detected on November 26, identified flaws within Upbit’s wallet software. These weaknesses could theoretically allow attackers to mathematically derive private keys by analyzing blockchain transactions. CEO Oh Kyung-seok articulated that while blockchain data is generally public and secure, the company’s specific wallet implementation created weak and predictable signature data, increasing the theoretical risk.
According to Upbit, the vulnerability was only identified during a system-wide review and did not appear to be directly linked to the recent hacking incident. In response, the platform has rectified the flaw and conducted a comprehensive inspection of all associated networks and wallet systems to ensure no additional weaknesses exist.
Upbit’s Commitment to Customer Security
The breach, which led to approximately 44.5 billion KRW in losses—about 38.6 billion KRW in customer assets—triggered immediate action from the exchange. Withdrawals were suspended, and remaining assets were shifted to cold storage to prevent further losses. Notably, around 2.3 billion KRW of the stolen funds, approximately $1.5 million, have already been frozen.
In light of these developments, Oh Kyung-seok emphasized that no security system can be deemed entirely fail-proof. He reassured clients that Upbit would cover all losses using its reserves and has pledged to enhance security measures across the platform. The exchange will only resume deposits and withdrawals after a final verification of its wallet systems.
Ongoing Investigation by South Korean Authorities
South Korean authorities are currently investigating the breach, with initial intelligence suggesting possible involvement from the Lazarus Group, a notorious hacking organization believed to have ties to North Korea. Although Upbit and regulators have not confirmed this publicly, the company is actively collaborating with law enforcement and blockchain projects to recover and freeze stolen assets as much as possible.
This incident has compelled Upbit to carry out a broader security review of its entire infrastructure. The exchange noted that irregular withdrawal activities linked to Solana tokens such as ORCA, RAY, and JUP triggered the emergency audit that unveiled the vulnerabilities. By undertaking a complete overhaul of its wallet systems, Upbit aims to prevent similar breaches in the future.
