Key Highlights
- Upbit urges new deposit addresses after $37M Solana hack, highlighting risks of hot wallets and the need for careful security measures.
- The Lazarus-linked attack exploited malware and backdoors, showing how sophisticated hacks can bypass exchange security systems.
- Exchanges face pressure to protect assets as lawsuits like Binance’s $80M case question responsibility in stolen crypto recovery.
Upbit, the largest crypto exchange in South Korea, is warning users to generate new deposit addresses after a $37 million hack hit its Solana hot wallets. The breach, which occurred on November 27, siphoned roughly 54 billion won from several Solana-based tokens, including SOL and USDC, raising fresh concerns over wallet security.
The company has since deleted all old deposit addresses during wallet maintenance to prevent further issues. Members must create new addresses before depositing digital assets.
In an announcement, Upbit stated that deposits and withdrawals for 33 digital assets across 21 networks will resume gradually from December 5, 17:00 KST, after wallet systems pass safety inspections.
The company stressed that using old addresses may delay deposits or cause errors. “Please ensure you generate and use a new deposit address before depositing digital assets,” Upbit warned, highlighting security improvements and wallet inspections as the primary reasons behind the move.
Details of the security breach
The attack used a multi-stage chain, likely orchestrated by the North Korean hacker group Lazarus. Security researchers explained that the hackers tricked users into installing a fake derivatives trading platform. Malware delivered through Python and .NET programs then stole wallet passwords and other sensitive information. The attackers also used AnyDesk backdoors and Tor to stay hidden, which complicated detection.
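The stages named above (an unexpected trading-app install, a remote-access tool such as AnyDesk appearing afterwards, then Tor egress) are the kind of sequence a defender can correlate in endpoint telemetry. The following is an added illustration, not code from the article or from Upbit: a toy correlation rule run over constructed log lines. The log format, field names, host names, and the "untrusted directory" heuristic are all assumptions made for the example, and the Tor port list is the commonly known set of default relay/directory/SOCKS ports.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample telemetry for this example; not data from the incident.
# Format (assumed): "<epoch-seconds> <host> <process|net> <image path or ip:port>"
SAMPLE_LOG = """\
1700000000 wallet-ops-01 process C:\\Users\\ops\\Downloads\\DerivTrader-Setup.exe
1700000120 wallet-ops-01 process C:\\Users\\ops\\AppData\\Local\\Temp\\updater.py
1700000300 wallet-ops-01 process C:\\Program Files\\AnyDesk\\AnyDesk.exe
1700000360 wallet-ops-01 net 198.51.100.7:9001
1700000400 wallet-ops-02 process C:\\Program Files\\AnyDesk\\AnyDesk.exe
1700000500 wallet-ops-03 net 203.0.113.5:443
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(process|net)\s+(.+)$")

# Heuristics (assumptions for the example): launches from user-writable
# download/temp directories, a remote-access tool, and default Tor ports.
UNTRUSTED_DIRS = ("\\downloads\\", "\\temp\\")
REMOTE_ACCESS_TOOLS = ("anydesk",)
TOR_PORTS = {9001, 9030, 9050, 9150}


@dataclass
class Event:
    ts: int      # seconds since epoch
    host: str
    kind: str    # "process" or "net"
    detail: str  # process image path, or "ip:port" for network events


def parse_log(log: str) -> List[Event]:
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, kind, detail = m.groups()
        events.append(Event(int(ts), host, kind, detail))
    return sorted(events, key=lambda e: e.ts)


def is_untrusted_launch(e: Event) -> bool:
    return e.kind == "process" and any(d in e.detail.lower() for d in UNTRUSTED_DIRS)


def is_remote_access(e: Event) -> bool:
    return e.kind == "process" and any(t in e.detail.lower() for t in REMOTE_ACCESS_TOOLS)


def is_tor_egress(e: Event) -> bool:
    if e.kind != "net":
        return False
    try:
        port = int(e.detail.rsplit(":", 1)[1])
    except (IndexError, ValueError):
        return False
    return port in TOR_PORTS


def correlate(events: List[Event], window: int = 3600) -> Dict[str, List[str]]:
    """Return {host: [stage descriptions]} for hosts where all three stages
    occur in order within `window` seconds of the first stage."""
    by_host: Dict[str, List[Event]] = {}
    for e in events:
        by_host.setdefault(e.host, []).append(e)

    hits: Dict[str, List[str]] = {}
    for host, evs in by_host.items():
        stage, start, trail = 0, None, []
        for e in evs:
            # Sequence expired without completing: start over from this event.
            if start is not None and e.ts - start > window:
                stage, start, trail = 0, None, []
            if stage == 0 and is_untrusted_launch(e):
                stage, start = 1, e.ts
                trail.append(f"untrusted launch: {e.detail}")
            elif stage == 1 and is_remote_access(e):
                stage = 2
                trail.append(f"remote-access tool: {e.detail}")
            elif stage == 2 and is_tor_egress(e):
                stage = 3
                trail.append(f"tor egress: {e.detail}")
                break
        if stage == 3:
            hits[host] = trail
    return hits


if __name__ == "__main__":
    for host, trail in correlate(parse_log(SAMPLE_LOG)).items():
        print(host, "->", " | ".join(trail))
```

Only wallet-ops-01 is flagged: wallet-ops-02 runs AnyDesk without a preceding untrusted launch, and wallet-ops-03 only talks to port 443. Ordering and a time window are what keep a rule like this from firing on every host that has a legitimately installed remote-support tool.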
After stealing the funds, the hackers probably laundered them through other exchange wallets. An analyst cited by Yonhap noted, “If mixing occurs, the transaction becomes untraceable, and since mixing is impossible in FATF-member countries, it is highly likely that North Korea did this.”
The attack coincided with a press event announcing the merger of Naver Financial and Dunamu, Upbit’s parent company. Experts speculate the timing was intentional to maximize attention.
In response, Upbit immediately halted all deposits and withdrawals, moved remaining assets to cold wallets, and launched a full inspection of its systems. CEO Oh Kyung-seok apologized for the disruption, assuring users that asset security remains the company’s top priority.
Ongoing risks and broader implications
The attack closely resembles the 2019 Upbit Ethereum hack, whose stolen funds would be worth over $1 billion at today's prices. According to analysts, hot wallets remain a persistent vulnerability because hackers who compromise admin accounts can get past the surrounding security controls. Pressure is therefore mounting on crypto exchanges around the world to further improve wallet security.
Meanwhile, in the United States, a Florida appeals court revived a class-action lawsuit alleging Binance had failed to recover an estimated $80 million of Bitcoin stolen from investors. According to the plaintiff, as confirmed by Bloomberg Law, hackers transferred funds to a Binance account, where they were converted and withdrawn before the exchange took action.
The ruling paves the way for the case to proceed at the state level and raises questions about how much responsibility exchanges bear in such theft cases.
The Upbit hack shows the importance of stronger wallet security and careful monitoring. Users should generate new deposit addresses and watch for phishing attempts. Exchanges need to respond quickly to prevent further losses.