Repeat cyberthefts raise questions about Upbit's security governance

Upbit's headquarters in Seoul / Yomhap

Dunamu CEO Oh Kyoung-suk / Yonhap

Investor confidence has been shaken after Upbit, Korea's largest cryptocurrency exchange, suffered a cybertheft that drained about 44.5 billion won ($30.3 million) in assets despite years of security outsourcing and consulting, industry officials said Monday.

According to Rep. Kang Min-kuk of the main opposition People Power Party, Upbit operator Dunamu carried out 33 security consulting projects between 2019 and November this year, spending approximately 17 billion won. The services included vulnerability assessments, penetration testing and phishing simulations. The company also signed 11 IT security contracts worth an additional 2.8 billion won.

Yet, this significant investment volume failed to prevent a Nov. 27 cyberattack that siphoned Solana-based coins at a peak rate of 32.1 million units per second.

It was the second major breach targeting Upbit. In 2019, the North Korea-linked Lazarus Group allegedly stole 58 billion won in Ethereum from the platform. Both attacks compromised the exchange’s hot wallet — a type of digital wallet connected to the internet.

"This made me realize once again that even a major exchange like Upbit isn't completely safe," an individual investor wrote on an online crypto forum. "Full compensation doesn’t solve the underlying problem: poor security."

Kang criticized Dunamu for managing its information security budget on an ad hoc basis. Despite its size, Upbit had no dedicated budget for cybersecurity, relying instead on department-level requests and approvals.

"Financial authorities must investigate whether the breach stemmed from structural vulnerabilities in the Solana platform or flaws in Upbit's own system," Kang said.

The incident comes at a sensitive time for Dunamu, which is in the midst of a high-stakes takeover deal by Naver Financial aimed at building a global digital infrastructure combining payments, AI and Web3. The breach could complicate regulatory approval, which is still under review.

"We deeply apologize for the distress caused by this cyberattack," Dunamu CEO Oh Kyoung-suk said in a public statement. "There is no excuse. The breach resulted from deficiencies in our own security management."

Oh added that a comprehensive review of all security systems is now underway. "We will use this incident as a catalyst to strengthen our security architecture and implement robust measures to prevent any recurrences."

Upbit said Monday that it has frozen 2.6 billion won of the stolen assets and plans to offer full compensation of about 38.6 billion won in customer funds, part of the 44.5 billion won lost in the breach. To accelerate recovery efforts, the exchange is working with the global digital asset community and offering a 10 percent bounty on any recovered funds.

Meanwhile, financial authorities are stepping up efforts to strengthen accountability standards across cryptocurrency exchanges, which currently face no legal obligations to pay penalties or provide mandatory compensation in the event of a cybersecurity incident.