Upbit Reopens Services After $37 Million Hack Tied to Lazarus

- Upbit will resume deposit and withdrawal services in phases, starting December 1, 2025. - The exchange will cover the $37 million in hack losses and ensures heightened security measures keep customer funds untouched. Upbit, South Korea’s leading cryptocurrency exchange, will reopen its deposit and withdrawal operations in phases, with services scheduled to resume at 1:00 PM KST on December 1, 2025. This decision follows a significant security breach where hackers stole $37 million in Solana-based assets. The exchange assured users that the breach did not impact their funds, as Upbit covered all losses with company reserves. On November 27, 2025, ZyCrypto reported that Upbit identified unauthorized access to its Solana hot wallet at approximately 4:42 AM KST, from which thieves stole SOL, USDC, BONK, and JUP tokens. In response, Upbit immediately suspended all deposit and withdrawal functions to prevent further exploitation and transferred remaining assets to secure cold wallets. Through subsequent collaborations with blockchain firms and law enforcement, Upbit successfully froze $8.18 million worth of the stolen LAYER tokens. On November 30, Cryptopolitan highlighted that South Korean authorities have launched an investigation into the breach. Preliminary findings link the attack to the North Korean-backed Lazarus Group, a notorious hacking collective allegedly responsible for a similar attack on Upbit in 2019. The breach coincides with major strategic plans at Upbit, including a merger with Naver Financial and preparations for a Nasdaq IPO, which may now face delays due to the ongoing investigations and regulatory scrutiny. According to a Traders Union report on November 30, the reopening process will prioritize specific tokens, beginning with Akash Network’s AKT and Ethereum-based tokens. As part of new security enhancements, users must also generate new deposit addresses before they can resume transactions. This cybersecurity breach exposed key vulnerabilities in centralized cryptocurrency platforms, especially the risks associated with using hot wallet storage. An AInvest report from November 30 noted that the incident will likely compel regulators to introduce stricter compliance standards for exchanges. Additionally, the hack will also likely accelerate the industry's shift toward decentralized custodial systems and advanced security solutions, such as AI-driven risk assessments. As of November 30 at 17:08 UTC, cryptocurrency market data reflected relative stability. Solana (SOL) was trading at $139.136, up 0.96%, while USD Coin (USDC) held steady at $1.00. Other stolen tokens included Bonk (BONK) at $0.00000000, down a slight 0.05%, and Jupiter (JUP) at $0.253, which rose 2.02%. The market's relative stability following the breach signals investor confidence in Upbit’s recovery efforts and its broader organizational resilience.