Upbit Hack Update: Exchange Identifies Hidden Wallet Flaw As Cause of $30M Exploit

tform Upbit said it discovered and repaired a critical wallet vulnerability while investigating the $30 million theft that struck the South Korean cryptocurrency exchange this week. The company confirmed the flaw but said it has not established whether the weakness contributed to the breach.

Upbit Flags Wallet Bug Exposing Signature Weakness

In a statement released Friday, Upbit CEO Oh Kyung-seok said investigators identified a defect that could have allowed observers to analyze public blockchain transactions and infer certain private keys. He said the flaw came from Upbit’s internal wallet software, which produced weak signature data under specific conditions.

Private keys are not revealed through normal blockchain activity. They remain hidden by design. However, Upbit said the bug created a rare case where predictable signature patterns appeared in past wallet transactions. The company said those patterns could have made parts of some private keys recoverable through mathematical analysis.

Upbit said the vulnerability surfaced only after the company began a systemwide review. The audit started when the exchange detected irregular withdrawals from Solana ecosystem crypto assets wallets on Nov. 27. Officials said the inspection covered networks, wallet architecture, and internal security tools.

The company said its security team fixed the vulnerability soon after discovery. The exchange launched an emergency plan by shutting down deposits and withdrawals. Oh said the platform will reopen services after conducting one final inspection of all wallet systems and internal infrastructure.

The exchange said it had confirmed losses of around 44.5 billion KRW, or roughly $30 million. Customer assets totaled approximately 38.6 billion KRW (that’s almost $26 million). The platform said it had already suspended 2.3 billion KRW, or about $1.5 million, associated with the unauthorized transactions.

Platform Escalates Security Review

The platform added that it is conducting a more comprehensive investigation into its systems as part of its response. The exchange said it would reimburse all customer losses with its own reserves, and will update as the investigation proceeds.

The exchange suspended withdrawals on Nov. 26 after noticing irregular outflows of Solana-related tokens. The assets of SOL, ORCA, RAY, JUP and a few other tokens were listed on bots. The company swept remaining funds in the exposed wallets to cold storage and started rebuilding parts of its wallet infrastructure a few days later.

Upbit is South Korea’s largest cryptocurrency exchanges by trading volume. It is developed by a leading fintech company, Dunamu. Dunamu is readying for a merger with Naver, Korea’s largest internet conglomerate, as part of an expected public listing. Company said that the breach did not disrupt those plans.

South Korean officials have opened an investigation into the incident. Authorities are reviewing the unauthorized withdrawals and the internal wallet flaw disclosed by the company.