How Crypto Exchange Upbit Got Robbed Again – Six Years Later, Same Date
Upbit, South Korea’s dominant cryptocurrency exchange, suffered unauthorized withdrawals totaling approximately $36. 9 million (54 billion won) early Thursday morning, marking the second time the platform has been breached on November 27. The exchange detected unusual activity at 4: 42 a. m. local time when Solana-linked assets moved to an unidentified wallet address. Dunamu CEO Oh Kyung-seok disclosed the breach during a press conference at 12: 33 p. m., just hours after the company had announced its merger with Naver Financial. Upbit’s Six-Year Anniversary of $50 Million Ethereum TheftThe timing raised immediate concerns among security analysts. Exactly six years earlier, on November 27, 2019, Upbit lost 342, 000 Ethereum tokens worth approximately $50 million in what authorities later confirmed was an attack by North Korean hacking groups Lazarus and Andariel. At the time of that theft, Ethereum traded around $146 to $149 per coin, putting the haul at roughly 58 billion won. The 2019 stolen Ethereum would be worth significantly more today approximately $1. 04 billion at current prices. South Korean investigators eventually determined that the attackers converted 57% of the stolen funds through three cryptocurrency exchanges they controlled, while laundering the remainder through 51 exchanges across 13 countries. Upbit(@Official_Upbit) has been hacked 54B KRW (~36. 8M USD) in assets on #Solana have been transferred to unknown wallets. pic. twitter. com/DM5BxSTtXA- Lookonchain (@lookonchain) November 27, 2025Cryptocurrency exchanges generally face a difficult environment. More than two years ago, the exchange reported that in just the first half of 2023, there were 159, 000 attempted hacks against its systems. Its proximity to North Korea and the presence of the Lazarus hacking group in the region add to the risks. Since the start of this year, cybercriminals from communist North Korea are estimated to have stolen more than 2 billion dollars’ worth of cryptocurrencies. Hot Wallet Compromise Triggers Platform FreezeThursday’s breach affected multiple Solana-based tokens including SOL, USDC, BONK, JUP, RAY, RENDER, ORCA, and PYTH. The company confirmed the intrusion was limited to hot wallet storage, with cold wallet reserves remaining secure. Upbit immediately moved remaining assets into cold storage and suspended all deposit and withdrawal services across the platform as a precautionary measure.”We will fully cover the loss with Upbit’s own assets so that customers are not affected in any way,” the company stated, assuring users no action would be required to recover their funds. Trading continues to function normally on the platform, though users cannot move assets on or off the exchange during the ongoing security review. Breach Comes Day After $10 Billion Naver DealThe hack arrived at a delicate moment for Dunamu. Just one day earlier, the company finalized a $10. 3 billion stock-swap merger with Naver Financial, creating one of South Korea’s largest digital finance entities. Under the agreement, Naver Financial will issue 87. 5 million new shares at a 1: 2. 54 ratio, making Dunamu a wholly owned subsidiary. South Korean financial authorities have launched on-site inspections to assess the situation. The repeated breach on the same calendar date, combined with North Korean involvement in the previous attack, has sparked speculation about the perpetrators behind the latest incident. This article was written by Damian Chmiel at www. financemagnates. com.