Upbit, a major cryptocurrency exchange in South Korea, has reported an abnormal withdrawal involving assets on the Solana network valued at about USD 37 million. The exchange said that funds were moved from one of its internal wallets to an external address that was not authorised. Upbit immediately suspended deposits and withdrawals for assets on the Solana network and moved remaining holdings to cold wallets while it investigated the cause of the incident.
The exchange confirmed that the affected assets included a range of Solana-based tokens. These consisted of the native SOL token along with other tokens circulating on the network. Some of the affected tokens had been widely traded and showed high liquidity before the withdrawal occurred. Upbit said that it was able to freeze about USD 8 million worth of assets with the help of blockchain projects and relevant authorities. The company added that customer balances would be protected and that any losses would be covered using its own reserves.
Dunamu, Upbit’s operator, described the event as an abnormal withdrawal rather than a traditional security breach. The company said that it is reviewing its wallet infrastructure to identify how the unauthorised transfer was executed. It also stated that deposits and withdrawals for Solana network assets would remain paused until the review is complete. Upbit’s chief executive said the company is coordinating with law enforcement and blockchain partners to trace the movement of the remaining funds and to understand whether any systemic changes are required.
Despite the significant value of the withdrawal, market activity for some Solana-related tokens remained stable. Analysts noted that several of the affected tokens did not experience large price drops even after the incident became public. They said that investor sentiment across parts of the Solana ecosystem remained relatively steady, which may indicate confidence in the broader market despite the disruption at the exchange.
Upbit has urged users to be cautious if they receive unexpected messages or requests for account information. The company reminded customers that it will not ask for passwords, private keys, or authentication codes through unsolicited contact. Users were also advised to enable multi-factor authentication and to review their transaction histories for unusual activity. Although the withdrawn assets were limited to those linked to the Solana network, analysts said that incidents involving prominent exchanges can lead to broader phishing attempts aimed at customers.
Investigators are examining whether the incident resulted from a software flaw, a compromised key, or a misconfiguration in wallet infrastructure. As of now, Upbit has not provided additional technical details. The company has stated that it will release further updates once the investigation progresses. Dunamu said that it aims to complete its review as quickly as possible while ensuring that any structural issues are identified and corrected.