XT BLOG

Upbit Identifies Internal Wallet Flaw While Probing $30 Million Crypto Theft Incident


2025-11-29


  • Upbit found a wallet flaw as it investigated a major crypto theft and moved fast to secure its systems.
  • The exchange halted activity and rebuilt wallet tools while confirming losses and protecting customer funds.
  • Officials launched a review to understand the breach and assess risks across South Korea’s crypto sector.

Upbit reported a critical wallet vulnerability during its investigation of a recent $30 million theft. The company confirmed that its internal wallet software produced weak signature data under certain conditions. The flaw allowed predictable patterns to appear in some past transactions. 

Those patterns could enable mathematical analysis that revealed parts of certain private keys. Private keys normally remain hidden during blockchain activity. However, the weakness created a rare case where some data became partially inferable. The issue surfaced after Upbit launched a full review of its systems following irregular withdrawals detected on November 27.
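The article does not name the signature scheme or the exact defect; this added example (not Upbit's code) assumes Ed25519-style signatures, the scheme Solana uses, and shows how a key owner can recover the nonce behind each of its own past signatures and check the set for repeats or shared zero high bits. All names, key material and transactions in it are constructed.

```python
import hashlib

# Order of the Ed25519 base-point subgroup (RFC 8032).
L = 2**252 + 27742317777372353535851937790883648493

def h512(data: bytes) -> int:
    return int.from_bytes(hashlib.sha512(data).digest(), "little")

def challenge(R: bytes, A: bytes, msg: bytes) -> int:
    """h = SHA-512(R || A || M) mod L, as used in Ed25519."""
    return h512(R + A + msg) % L

def recover_nonce(a: int, A: bytes, msg: bytes, sig: bytes) -> int:
    """Key owner only: S = r + h*a (mod L), so r = S - h*a (mod L)."""
    R, S = sig[:32], int.from_bytes(sig[32:], "little")
    return (S - challenge(R, A, msg) * a) % L

def audit_nonces(nonces, min_zero_bits=4):
    """Flag repeated nonces and top bits that are zero in every nonce.
    The default threshold assumes at least a handful of signatures."""
    repeated = len(nonces) - len(set(nonces))
    widest = max(n.bit_length() for n in nonces)
    shared_zero_bits = max(0, 252 - widest)
    return {"repeated": repeated, "shared_zero_bits": shared_zero_bits,
            "suspicious": repeated > 0 or shared_zero_bits >= min_zero_bits}

# --- constructed sample data (not real keys or transactions) ---
def make_sample(a: int, A: bytes, msg: bytes, r: int) -> bytes:
    # Placeholder R: a real signer encodes the point r*B here. The audit only
    # hashes R, so a stand-in keeps the sample free of curve arithmetic.
    R = hashlib.sha256(r.to_bytes(32, "little")).digest()
    S = (r + challenge(R, A, msg) * a) % L
    return R + S.to_bytes(32, "little")

def run_audit(nonce_bits: int, count: int = 16):
    a, A = h512(b"demo-scalar") % L, b"\x01" * 32  # constructed key material
    recovered = []
    for i in range(count):
        msg = b"tx-%d" % i
        r = (h512(b"nonce-%d" % i) % L) % 2**nonce_bits  # signer's nonce
        recovered.append(recover_nonce(a, A, msg, make_sample(a, A, msg, r)))
    return audit_nonces(recovered)

if __name__ == "__main__":
    print("full-width nonces:", run_audit(253))
    print("240-bit nonces:  ", run_audit(240))
```

The check needs the signing key, so it is an internal audit of a wallet's own signature history, not something an outside observer can run.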

Emergency Response and Containment Measures

Upbit’s security team repaired the flaw soon after it was identified. The company halted deposits and withdrawals as part of an emergency response plan. The platform also began a final inspection of its wallet systems before reopening services. Upbit reported that it had lost nearly 44.5 billion KRW, which is approximately $30 million.

The customer assets involved in the incident totaled approximately 38.6 billion KRW, equivalent to almost $26 million. The company suspended about 2.3 billion KRW linked to unauthorized transactions. Upbit moved remaining funds from the exposed wallets into cold storage. The platform then started rebuilding parts of its wallet infrastructure to prevent further leaks.

Scope of the Breach and Asset Impact

The unauthorized withdrawals affected Solana ecosystem assets. The impacted tokens included SOL, ORCA, RAY, JUP and several others. Monitoring bots flagged abnormal movements during the incident. Upbit suspended withdrawals on November 26 after noticing the irregular outflows.

The company reviewed its networks, wallet architecture and internal security tools during the inspection. The exchange ensured a complete refund of customers from its corporate reserves. Researchers are currently examining how the vulnerability relates to the breach and whether it facilitated the theft.

Corporate Outlook and Government Review

Upbit is South Korea’s largest cryptocurrency exchange by trading volume. It is operated by Dunamu, which is preparing for a merger with Naver. Naver is one of the country’s largest internet conglomerates. Dunamu insisted that the breach did not have an impact on its merger or listing plans. Moreover, South Korea’s Dunamu formed a strategic alliance with Vietnam’s Military Bank to establish the country’s first national crypto exchange.

South Korean leaders have initiated an investigation into the incident. Authorities are investigating the illegal withdrawals and the internal defects reported by the company. The review aims to clarify the timeline of the breach and assess broader security risks within local digital asset platforms.
