Upbit Suffers $36 Million SOL Wallet Heist

South Korea’s largest cryptocurrency exchange saw roughly $36 million drained from its hot wallet linked to the Solana network in what officials describe as an “abnormal withdrawal”. The breach triggered an immediate freeze on deposits and withdrawals. The operator, Dunamu, moved remaining assets into cold storage and pledged to fully reimburse all affected users.

Authorities in Seoul identified the hacking group Lazarus Group — long associated with previous crypto thefts — as the prime suspect behind the intrusion. Investigators plan an on-site inspection of Upbit’s systems to determine how attackers bypassed security protocols.

The tokens siphoned off included SOL alongside several Solana-ecosystem assets. Observers noted that the attack bears striking resemblance to a prior Upbit breach in 2019 — when 342,000 ETH disappeared under circumstances later attributed to Lazarus and associated groups.

Security firms monitoring on-chain flows report that the speed and pattern of withdrawals mirror those from Lazarus-linked incidents. Analysts warn that the hack underscores persistent vulnerabilities when hot wallets — the always-online accounts exchanges use for frequent transactions — remain exposed to governance failures or credential compromises.

The timing of the incident coincided with a corporate milestone for Dunamu: the day saw the public announcement of a planned merger with technology firm Naver. Some security experts speculate that the attackers might have deliberately chosen the moment to maximise impact on market confidence and regulatory attention.

Upbit’s management emphasised that user assets held in cold storage remained untouched. The company began working immediately with token issuers and blockchain-analytics firms to freeze traceable stolen funds. Officials involved in the probe noted the laundering techniques — rapid mixing of tokens across multiple wallets and networks — reflect a refined modus operandi honed over several high-profile attacks.