Upbit Sets December 1 Restart Date Following $37 Million Hack

Upbit will resume digital asset deposits and withdrawals on December 1 at 1:00 PM KST following a $37 million hack that targeted Solana-based assets.

The South Korean exchange announced that all existing deposit addresses have been deleted, and users must issue new addresses before depositing funds.

The security breach occurred on November 27, 2025, when hackers stole approximately 44.5 billion KRW ($30-36 million USD) from Upbit’s hot wallets.

Unlike the 2019 attack which focused on Ethereum (ETH), the latest incident targeted Solana ecosystem tokens including Solana (SOL), USDC, and Bonk (BONK). North Korea’s Lazarus Group is suspected of planning the attack.

New deposit addresses required for all users

Upbit warned that using old deposit addresses could result in delays. “Due to security vulnerability improvements and wallet system maintenance, new deposit addresses for all digital assets are required,” the exchange stated in its announcement.

The exchange instructed users to delete any existing Upbit deposit addresses registered in personal wallets or other exchanges to prevent future misuse.

Deposits made during the suspension period will be shown sequentially once services resume. However, they mentioned that processing may take extra time.

Withdrawals and deposits will resume in phases, starting with network digital assets that have completed wallet system inspections and confirmed security.

Staking requests and NFT deposits supported by resumed networks will be processed after service stability is verified.

Exchange covers all user losses from corporate reserves

Upbit pledged 100% coverage of user losses from its corporate reserves. The exchange immediately halted all deposits and withdrawals upon detecting the unauthorized transfers on November 27.

The company successfully worked with token foundations to freeze approximately $8.18 million worth of specific tokens like LAYER, making them worthless to attackers. The frozen assets represent roughly 22% of the total stolen amount.

Users should note potential price differences that occurred during the suspension period. For digital assets paid through airdrops, assets with ended trading support, or watchlist-designated tokens, only withdrawals will resume.

Assets that were suspended for separate reasons before the inspection may remain unavailable until those issues are resolved.