Original|Odaily Planet Daily (@OdailyChina)
Early this morning, South Korea's largest CEX Upbit suffered a massive hacking attack, resulting in the loss of digital assets valued at approximately $36.8 million (54 billion KRW). The operator Doonamu has announced the confirmation of the theft and suspended deposit and withdrawal services on the platform, promising to fully cover user losses.
In South Korea, where cryptocurrency trading has become a trend, Upbit has always stood out with its extremely high trading volume and significant liquidity, with a market share that once reached 80%. Thanks to its deep liquidity pool in KRW, Upbit is also regarded as another leading exchange with a "listing effect" besides Binance, and is seen as the "preferred listing site" by many crypto projects. Recently, Upbit's parent company Dunamu is planning to merge with fintech company Naver Financial, with both parties set to form an entity valued at approximately $13.8 billion (200 trillion KRW) through a stock exchange. The occurrence of this security incident has also brought more uncertainty to the upcoming business developments.
In February of this year, Bybit suffered a theft loss of $1.5 billion, and the theft at Upbit, another leading platform, has once again raised concerns about the security of centralized exchanges. Odaily Planet Daily will summarize and briefly analyze the theft incident at Upbit in this article.
Upbit Theft of Over $36 Million in Assets, Involving Nearly 20 Tokens on the Solana Network
At 3:42 AM Beijing time today, Upbit's Solana hot wallet address suddenly experienced a massive outflow of funds.
At 11:33 AM, Doonamu CEO Oh Kyung-seok released the latest announcement on the official website, stating that the exchange had suffered a large-scale theft of funds, with a total value of 54 billion KRW, approximately $36.8 million. The deposit and withdrawal functions have been suspended, and user funds are assured to be unaffected. He emphasized that they would bear the losses incurred by this hacking incident for all customers.
Finally, he mentioned that the stolen assets included multiple tokens from the Solana ecosystem: DoubleZero (2Z), AccessProtocol (ACS), Bonk (BONK), Doodles (DOOD), Drift (DRIFT), Huma (HUMA), InternetOfThings (IO), Jito (JTO), Jupiter (JUP), Layer (LAYER), Magic Eden (ME), CatInEldritchWorld (MEW), Moodeng (MOODENG), Orca (ORCA), Pengu (PENGU), Pyth (PYTH), Ray (RAY), Render (RENDER), Solana (SOL), SonicSVM (SONIC), Soon (SOON), OfficialTrump (TRUMP), USDCoin (USDC), Wormhole (W).
Around 2 PM, Upbit's official update announcement was as follows:
- The scale of asset leakage related to the Solana network has been revised from 54 billion KRW to 44.5 billion KRW (approximately $30.43 million).
- The scale of frozen funds on the Solana network has been revised from approximately 12 billion KRW to approximately 2.3 billion KRW (approximately $1.57 million).
- This unconventional withdrawal confirmation occurred in Upbit's hot wallet, and the cold wallet's isolated assets were not breached or stolen.
Following the attack and Upbit's suspension of deposits and withdrawals, although the scale of stolen funds is much smaller than that of the Bybit theft case, it still had a series of short-term impacts on the crypto market.
Some Solana Ecosystem Tokens Surge Temporarily: ORCA Rises Over 109%
After the theft incident, several Solana chain tokens on the Upbit platform experienced a temporary surge, including:
- Orca surged by 104%;
- Meteora surged by 89%;
- Raydium surged by 51%, etc.
As of the time of writing, according to Upbit's website data, ORCA's daily increase is still at 109.49%; MET's daily increase is approximately 87%; RAY's daily increase is approximately 46%; DOOD's daily increase is approximately 42%. Regarding the specific reasons for the rise, Crypto Quant founder Ki Young Ju stated that after Upbit suffered a hacking attack and suspended withdrawals, it may have caused arbitrage bots to temporarily halt, allowing retail investors in South Korea to take advantage of the situation to push up the prices of various altcoins on the platform.
From this perspective, the concept of "stolen tokens" also holds in the South Korean crypto market, as stolen assets similarly attract a significant amount of market attention in a short period.
Stolen Funds Begin to Be Transferred, Binance Becomes One of the Inflow Destinations
According to Beosin Trace analysis, Upbit experienced an abnormal outflow of approximately $36 million in crypto assets on the Solana network, and the related funds have begun to be transferred across addresses.
Among them, a Binance exchange user address 2zRELfpr2K…C2S8 received 2202.72 SOL, valued at approximately $315,000, from multiple intermediary addresses after the incident.
According to South Korean media BlockMedia reports, after the Upbit security incident, the National Police Agency's Cyber Terror Investigation Team announced that it would conduct an on-site investigation at the headquarters of Upbit's operator Dunamu to investigate clues related to the Upbit hacking incident. The Financial Supervisory Service's Virtual Asset Regulatory Bureau has also joined the on-site inspection and stated: “We have been informed of this hacking incident and are currently investigating the origins of the hacking attack, the extent of the losses, and the measures taken to protect customer assets. We expect to continue the on-site inspection until next Friday (December 5).”
After experiencing a fine of up to 35.2 billion KRW (approximately $24.35 million) from South Korea's regulatory agency—the Financial Services Commission's Financial Intelligence Unit (FIU)—earlier this month, the timely follow-up after this theft incident may make Upbit and its operator Dunamu feel the dual pressure of "regulatory enforcement." This may also become a significant event following the tightening of regulatory policies and management of the crypto market by South Korean regulatory agencies.
Tightening South Korean Regulations and the Nationwide Cryptocurrency Trading Trend: When Upbit Becomes a Buffer Between Regulatory Agencies and Social Groups
It is worth mentioning that as young investors in South Korea and others have entered the cryptocurrency trading scene, the regulatory authorities in South Korea have gradually tightened their oversight of cryptocurrency exchanges and projects.
All Exchanges Face Regulatory Sanctions: Upbit Previously Fined Over $24 Million
Earlier this month, the Financial Services Commission's Financial Intelligence Unit (FIU) announced that it had completed a fine of 35.2 billion KRW (approximately $24.35 million) against Upbit's operator Dunamu. This penalty is reportedly a follow-up measure after the three-month suspension and disciplinary action against Dunamu's executives and employees on February 25 of this year. The reasons for the penalty include violations of the Specific Financial Information Act, involving trading with unreported virtual asset operators, failing to perform customer due diligence obligations, not implementing trading restrictions, and not reporting suspicious transactions.
In late November, the FIU imposed sanctions on several CEXs for violating anti-money laundering obligations, applying sanctions to exchanges based on the order of on-site inspections according to the "first in, first out" principle. After sanctioning Dunamu, the FIU plans to take measures against the remaining virtual asset exchanges. Previously, the Financial Supervisory Service (FSS) has conducted on-site inspections of Upbit, Bithumb, Coinone, Korbit, and GOPAX since last year to check their compliance with anti-money laundering obligations, such as customer identity verification (KYC) violations. The order of sanctions will follow the sequence of on-site inspections: Dunamu (August last year), Korbit (October), GOPAX (December), Bithumb (March this year), Coinone (April). However, given that Bithumb recently underwent additional on-site inspections due to order book issues, its sanction order may be delayed.
The sanctioning process will be similar to that of Dunamu, first determining personnel and institutional sanctions, followed by fines. Earlier this year in February, the FIU imposed an "accountability warning" on Dunamu's CEO under the Specific Financial Information Act and imposed a heavy penalty of "suspending new customer deposits and withdrawals for 3 months" on the institution; on the 6th, a fine of 35.2 billion KRW was levied.
The market expects that due to similar violations by other exchanges (such as KYC violations and failure to report suspicious transactions), the intensity of sanctions will also be close to that of Dunamu, making it difficult to avoid heavy penalties, with fines potentially reaching hundreds of billions of KRW. It is anticipated that the FIU's sanctions against the remaining four exchanges may be difficult to complete within this year, with most sanctions expected to conclude in the first half of next year (i.e., 2026).
It is worth mentioning that on the 24th of this month, Upbit plans to go public on NASDAQ in the U.S. after completing the merger; subsequently, the South Korean portal site Naver agreed yesterday to acquire Upbit's operator Dunamu through an all-stock transaction, with a transaction valuation of approximately $10.3 billion. Reports indicate that the transaction plan shows Naver's fintech subsidiary, Naver Financial Corp., will complete the acquisition by issuing 2.54 shares of new Naver stock for every 1 share of Dunamu stock held.
Behind the fervent capital mergers and increasingly strict regulatory environment is the increasingly frenzied and even uncontrollable "cryptocurrency trading craze" in South Korea.
The Current Situation of "Cryptocurrency Trading Craze" in South Korea: Korean Stars Misuse Public Funds for Trading, Famous Actress's Husband Loses 15 Billion KRW in Trading
According to data released by the analysis agency Kaiko in September this year, South Korea has become the world's second-largest cryptocurrency trading country, with nearly 1/3 of the South Korean population holding cryptocurrency positions on major exchanges; among them, traders aged 30 to 40 account for as much as 56%.
Despite this, for a South Korean society where wealth disparity is increasingly severe, trading cryptocurrencies remains merely a "high-risk game for the poor to try to turn their fortunes around." Data shows that users holding a total amount of less than 500,000 KRW (approximately 2,419 RMB) account for 66% of the total number of cryptocurrency users in South Korea, indicating a significant characteristic of "many retail investors, few institutions" in the market.
In addition to various retail investors and young people, the entertainment industry in South Korea naturally also features eye-catching stories of "celebrity trading."
In June of this year, the news that "Jeon Ji-hyun's husband lost 15 billion KRW in trading" briefly topped Weibo and Baidu's trending searches. According to South Korean media Chosun disclosed, Jeon Ji-hyun's husband, Choi Joon-hyuk, CEO of private equity fund operator Alpha Asset Management, suffered huge asset losses due to cryptocurrency—his company held shares in the listed company Wemade worth 35 billion KRW, which had its virtual currency Wemix delisted from exchanges like Upbit and Bithumb, leading to a significant drop in Wemade's stock price and subsequent ripple effects.
In August, South Korean prosecutors sought a 3-year prison sentence for actress Hwang Jung-eum, who was prosecuted for allegedly misappropriating company funds of 4.3 billion KRW (approximately $3.07 million) and investing in virtual currencies reported. Although her agency Y1 Entertainment previously stated that Hwang Jung-eum had repaid the debt, prosecutors sought a court sentence of 3 years in prison for her violation of the Specific Economic Crimes Aggravated Punishment Act (misappropriation).
This reflects the most helpless choice for young people in South Korean society—just as stated in the Korean film "Parasite," the sourness of the poor cannot be concealed.
For them, trading cryptocurrencies has become one of the few hopes for turning their fortunes around. Moreover, with the arrival of an aging society in South Korea, many elderly people have also become part of the cryptocurrency trading army. By the end of 2024, the number of cryptocurrency users over 60 in South Korea has reached 775,000.
Additionally, when asked, "What is the purpose of trading cryptocurrencies?" according to a survey by JoongAng in June this year, 40% of respondents stated that they buy cryptocurrencies for: "investment for retirement." A 45-year-old white-collar worker mentioned that he now invests 1 million KRW monthly in Bitcoin to prepare funds for his old age—"It's just like saving money."
However, for retail investors in the market, becoming wealthy may be more of a fleeting dream, and the outcome for many will likely be the total loss of their assets.
In the current tightening of regulatory policies and the increasingly narrow window of opportunity in the cryptocurrency market, after experiencing the shocking black swan event of Luna's collapse in 2022, the South Korean cryptocurrency market has helplessly entered a phase of "fishing in a dried-up pond." In the second half of the year, data showed that Upbit's stablecoin trading volume plummeted by 80%.
In the past, as a "cover" for social contradictions, exchanges like Upbit served as both a "stage" similar to a casino and a "factory" contributing to tax revenue and job creation. Now, this buffer zone faces various challenges, including regulatory fines, hacking thefts, and user attrition. What was once a buffer zone is now precariously close to collapse.
In the current turbulent cycle of the cryptocurrency market, hacking attacks may merely be a passive factor prompting exchanges like Upbit to comply with regulations; more importantly, the question before them is how to find new market increments and profit models after experiencing the industry's brutal growth phase.
For ordinary users, perhaps we should think more about how to ensure that our assets can escape disaster before suffering losses that exchanges cannot compensate for, similar to the level 5 fire that occurred yesterday at Hongfu Garden in Tai Po, Hong Kong.
Recommended Reading:
The Most Over-Competitive Country in East Asia, Everyone "Loans" to Trade Cryptocurrencies
Koreans Have Turned Cryptocurrency Trading into an E-Sport
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
