Although the Solana protocol itself remained operational and uncompromised, Upbit disclosed on November 27, 2025, that an unauthorized actor had exfiltrated private key credentials for a Solana hot wallet, enabling the rapid transfer of approximately $36 million in assets (including SOL, USDC, BONK, JUP, RAY, PYTH, RNDR and other ecosystem tokens) to external addresses. The exchange has stated that the loss will be absorbed by corporate reserves.

Security analysts characterized the incident as emblematic of the heightened custodial risk inherent in high-throughput blockchains, where transaction finality precludes real-time reversal. It prompted an immediate halt to Solana deposits and withdrawals, migration of remaining on-chain holdings to cold storage, key rotations and wallet redeployments, and coordinated forensic engagement with Solana developers and external investigators to trace token flows and evaluate systemic implications for hot-wallet governance among major Korean exchanges.

The breach exploited Solana's accelerated settlement to carry out dozens of near-instantaneous transfers. It illustrated how rapid finality complicates conventional containment strategies: the compromise of a single private key can precipitate large-scale asset displacement before interdiction mechanisms can be enacted. Upbit framed its containment measures, including halting withdrawals, migrating assets to cold storage, and instituting immediate key hygiene improvements, as necessary mitigations to forestall further unauthorized access while forensic teams undertook transaction tracing and provenance analysis across multiple Solana addresses.

From a customer-protection perspective, the parent company’s commitment to absorb the loss, and Dunamu’s pledge to reimburse affected balances from corporate reserves, sought to preserve depositor confidence and market liquidity. Industry observers noted, however, that reliance on corporate backstops does not substitute for structured insurance coverage policies calibrated to systemic risk exposures on high-throughput chains.

Analysts and governance specialists emphasized that the episode underscores persistent challenges in custody models. They argued for enhanced multi-layered key management, proactive audits of hot-wallet limits, and standardized insurance frameworks to internalize tail risks, while acknowledging that the pseudonymous, composable nature of Solana token flows complicates recovery prospects and necessitates sustained cross-stakeholder coordination to deter recurrence.

The exchange also reported that it had frozen deposits immediately after discovering the unauthorized transfers. The company concurrently announced that the remaining secured funds had been transferred to cold storage as an additional safeguard. To further bolster security, Upbit is expected to enhance multi-factor authentication protocols to reduce the risk of unauthorized access in future operations.