South Korea’s top crypto exchange, Upbit, suffered a major security breach, losing tens of millions of dollars in digital assets just hours after its parent company, Dunamu Inc., unveiled a massive $10.3 billion takeover by tech giant Naver Corp.

The intrusion, which primarily targeted Solana-based tokens, forced Upbit to halt all deposits and withdrawals today (Nov. 27). While the initial estimates of the loss were higher, the exchange revised the figure to approximately 44.5 billion Korean won, about $30 million, based on asset prices at the time of the unauthorized transfer.

The company confirmed that the security failure occurred in one of its “Hot Wallets,” which are used for fast, day-to-day transactions. The more secure cold wallet, which stores the majority of customer assets offline, was not affected.

Abnormal withdrawals were first detected around 4:42 a.m. KST on Nov. 27, 2025, when a basket of assets on the Solana network was moved to an unknown external wallet address. The stolen assets included over 20 tokens, prominently featuring Solana (SOL), USDC, Bonk (BONK), Jupiter (JUP), Render Token (RENDER), Orca (ORCA), and Peace Network (PYTH).

In response, the exchange immediately suspended all transaction services. Upbit also initiated on-chain measures to freeze the stolen funds, successfully freezing approximately 2.3 billion won worth of Solayer (LAYER) tokens.

Oh Kyoung-suk, CEO of Dunamu, addressed users, expressing his deep regret. In an official statement, he reassured customers: “We would like to inform you that the scale of digital asset leakage caused by abnormal withdrawals has been identified immediately upon confirmation, and that Upbit’s assets will be fully covered to prevent any damage to your assets.”

Eerie anniversary and acquisition coincidence

The hack’s timing has added a layer of unwelcome drama. The breach occurred a day after Dunamu and Naver executives were publicly touting their $10.3 billion all-stock merger. The acquisition is intended to combine Naver’s financial and AI infrastructure with Upbit’s crypto platform to create a global powerhouse.

Adding to the unfortunate coincidence, the Nov. 27 date marks the sixth anniversary of a major security breach in 2019, when 342,000 Ethereum tokens were stolen from the exchange in an attack later attributed to North Korean hacking groups.

Upbit has reported the incident to relevant authorities, including financial regulators and the Korea Internet & Security Agency (KISA) security audit on the stability and security suitability of its entire deposit and withdrawal system, extending), and is cooperating with investigative agencies.

The exchange is currently conducting an extensive investigation beyond the compromised Solana network family. The company stated it plans to resume deposit and withdrawal services “sequentially as soon as safety is secured.”

It’s been a bad week. Crypto thieves have stolen Solana via hidden Chrome extensions.