South Korea’s leading crypto exchange Upbit confirmed on November 27, 2025, that it suffered a significant security breach targeting its Solana-network hot wallets. The attack resulted in the loss of approximately $38 million worth of crypto assets including native Solana (SOL) and popular Solana-ecosystem tokens such as BONK, JUP, RAY, ORCA, RENDER, PYTH, among others.
According to the official post-mortem from Upbit’s operators, unauthorized withdrawals occurred from a hot wallet handling Solana-based assets. In response, the exchange immediately suspended all Solana-network deposits and withdrawals and initiated an emergency security audit while transferring remaining user funds to secure cold storage.
Upbit stated that despite the substantial loss, users will not bear any financial damage. The firm pledged to cover the stolen amount from its own reserves and ensure all user balances remain intact.
What Went Wrong And Why Solana Tokens Were Targeted
The hack appears to have been a hot-wallet breach, a common but dangerous security risk for exchanges that maintain wallets connected to the internet for frequent transactions. Because the hot wallet stored multiple Solana-ecosystem assets SOL, BONK, JUP, and several DeFi and meme tokens hackers were able to drain a wide basket of tokens in one coordinated transfer.
Exchange operators say they detected “irregular outflow activity” in the early hours (KST) and acted swiftly to freeze withdrawals and begin forensic tracing of the stolen funds. However, by then the assets had already been transferred to unknown external addresses.
Impact on Solana Ecosystem and Investor Confidence
As news of the breach spread, sentiment across the Solana ecosystem took an immediate hit. Prices of several of the affected tokens dropped, reflecting investor concern over security vulnerabilities tied to centralized exchanges. On-chain analysts warned that this incident may amplify scrutiny of how exchanges handle multi-token custody, especially for non-ERC-20 assets on networks like Solana.
The hack underscores a recurring risk in crypto markets: even ecosystems perceived as “decentralized” remain vulnerable when centralized platforms act as custodians. As a result, some users are now emphasizing the utility of self-custody wallets or decentralized exchanges to mitigate such risks especially with memecoins or lesser-known tokens.
For Upbit, this marks the second major security breach the exchange suffered a large hack in 2019 when hackers stole 342,000 ETH. That incident erased confidence among many users and highlighted systemic risks.
Upbit’s Response and Risk Mitigation Efforts
In its public statement, Upbit said it would indemnify users by covering losses from its own treasury. The exchange also committed to a full technical audit, enhanced internal wallet segmentation, and bolstered security protocols. Withdrawal and deposit services for Solana-based networks will remain suspended until all security measures pass verification.
Experts in blockchain security have praised the quick response freezing assets, shifting funds to cold storage, and pledging restitution while noting that long-term trust will depend on transparency and future liability protections.
FAQs
1. What happened during the Upbit hack?
Upbit’s hot wallet for Solana-network assets was breached, leading to the unauthorized withdrawal of about $38 million in crypto, including SOL, BONK, JUP, and other Solana-ecosystem tokens.
2. Will Upbit users lose funds?
No Upbit has committed to covering the stolen amount from its own reserves, ensuring that user balances remain unaffected.
3. Which tokens were stolen?
Assets stolen include SOL, BONK, JUP, RAY, ORCA, RENDER, PYTH, among other Solana-based tokens.
4. What should users of Solana-based assets do now?
Users are advised to withdraw assets from centralized exchanges if possible, move holdings to secure self-custody wallets, and avoid leaving large balances in hot wallets or lesser-known exchange storage.
5. Does this hack affect trust in the Solana network?
The hack affects trust in centralized custodians using Solana, not the network itself. Solana’s protocol remains separate from exchange security but it shows the importance of custody practices.