ChainBleedv0.1 · open intel
SOL · PRIVATE-KEY · 2025-11-27 · 6mo ago
Incident · SLOWMIST

Upbit

Unknown
Estimated loss
$30.30M
VERDICT — OUT OF SCOPE
Root cause is private-key / signer compromise — the on-chain contract behaved exactly as written. No pre-deployment source audit or bytecode review reaches the key-custody perimeter; this is operational-security territory (HSM/MPC hygiene, key rotation, hot-wallet isolation). Bytecode would show nothing wrong.
▰ METHOD
PRIVATE KEY
Root cause

Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.

Forensic narrative

Upbit CEO Woo Kyung-sik issued a public statement regarding the recent security breach and apologized to users, noting that the incident resulted from shortcomings in Upbit’s internal security management. On the morning of the 27th, Upbit detected abnormal withdrawals from its Solana-based wallets, prompting an immediate full-scale inspection of related networks and wallet systems. During the investigation, the team identified a vulnerability that could potentially be exploited to infer private keys, which has since been patched.

To safeguard user assets, Upbit suspended all cryptocurrency deposits and withdrawals and initiated on-chain tracking and asset-freezing procedures for funds transferred externally. On December 6, after completing the replacement of all virtual asset wallets and strengthening security controls, Upbit restored full deposit and withdrawal services.

According to current estimates, the total value affected by the incident is approximately KRW 44.5 billion (about USD 30.3 million). Of this amount, approximately KRW 38.6 billion (about USD 26.33 million) belongs to users, and KRW 2.3 billion (about USD 1.57 million) has been successfully frozen. Upbit’s own funds affected total approximately KRW 5.9 billion (about USD 4.02 million). On December 8, Upbit’s operating company Dunamu provided an update, stating that an additional KRW 2.6 billion (approximately USD 1.77 million) in compromised assets has now been frozen. Recovery procedures are currently in progress to ensure the secured funds can be safely reclaimed.

On January 8, according to MistTrack monitoring, the attacker behind the Upbit hack (address starting with 0x93A0) is continuously transferring funds to Tornado Cash. So far, 1,400 ETH have been moved.

Attack method (per SlowMist): Unknown. Reported loss: $30,300,000.

Primary source: https://upbit.com/service_center/notice?id=5803&view=share
Sourced from: slowmist

Technical record
chain: solana
protocol: Upbit
bug_class: private-key
date_occurred: 2025-11-27
loss_usd: $30,300,000
source_id: sm:upbit::2025-11-27

Related — same bug class · private-key
2026-04-30 · 1mo ago · MULTI · Wasabi Perps · Admin Key Compromised · private-key · $5.50M · OUT OF SCOPE
2026-04-30 · 1mo ago · ETH · Wasabi Protocol · Private Key Leakage · private-key · $5.70M · OUT OF SCOPE
2026-04-29 · 1mo ago · Syndicate Labs · Private Key Leakage · private-key · $380.0K · OUT OF SCOPE
2026-04-21 · 1mo ago · SUI · Volo Vault · Admin Key Compromised · private-key · $3.50M · OUT OF SCOPE
2026-04-21 · 1mo ago · SUI · Volo Vaults · Private Key Leakage · private-key · $3.50M · OUT OF SCOPE
2026-04-16 · 1mo ago · MULTI · Grinex · Hot wallet hack · private-key · $15.00M · OUT OF SCOPE