Upbit transfers 99% of assets to cold wallets after major hack
The exchange is strengthening its security system and promises full compensation for losses.
10.12.2025 - 09:55
259
3 min
0
Key points:
- Upbit transferred 99% of customer funds to cold wallets after a major hack of Solana’s hot wallet.
- The company will compensate users for direct losses and upgrade its asset storage system.
South Korea’s largest crypto exchange, Upbit, has almost completely transferred customer assets to cold storage after a major hack of the Solana hot wallet.
Operator Dunamu said that 99% of user funds will now be stored offline, and the volume of hot wallets will be reduced to almost zero. This decision was made after hackers stole 44,5 billion won (about $30 million).
Bunni DEX shuts down after $8,4 million hack
The team said it did not have the resources to restart the protocol and transferred its developments to the community under an open license
These changes significantly exceed the requirements of South Korea’s Virtual Asset Protection Act, which requires exchanges to keep at least 80% of customer deposits in cold wallets.
Upbit reduces use of hot wallets
Cold wallets are offline, making them more difficult to hack, but transactions are slower. Hot wallets are more convenient, but they are more often targeted by hackers. For traders, the transition to 99% cold storage means that if there is another hack, significantly less will be at risk.
According to Dunamu, at the end of October 2025, Upbit stored 98,33% of customer assets in cold wallets and 1,67% in hot wallets. Even before the attack, this was the lowest hot storage rate among Korean exchanges: competitors had 82–90%.
What happened to Balancer and where did the $130 million go: a detailed investigation
The hacker found a vulnerability in the project that allowed him to bypass the funds verification and release real assets with almost no restrictions.
The company maintained a cold wallet share above 98% despite rising cryptocurrency prices and an influx of funds from new listings. Upbit has now completed the review and upgrade of its infrastructure and intends to completely abandon hot wallets.
The attack on Solana’s assets accelerated the adoption of these measures. Initially, the damage was estimated at 54 billion won (about $36 million), but later the amount was revised to 44,5 billion. Direct losses to users amounted to 38,6 billion won ($26,2 million), and the company promised to fully compensate them from its own reserves.
Experts identified a vulnerability that could have allowed attackers to gain access to private keys by analyzing blockchain data. Upbit has not confirmed whether this vulnerability was exploited, but the very fact that it was identified highlighted the systemic risk of hot wallets.
Useful material?
Telegram 
Twitter Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Cryptocurrency rates
-
Bitcoin
$62 509
BTC
-3.12%
-
Ethereum
$1 659.21
ETH
-5.79%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.11
XRP
-3.32%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.079409
DOGE
-5.64%
-
Zcash
$424.63
ZEC
-7.04%
-
Stellar XLM
$0.193241
XLM
-9.16%
-
Cardano
$0.153743
ADA
-5.05%
-
Polkadot
$3.32
DOT
+5.27%