Upbit, a South Korean cryptocurrency exchange, lost approximately 342,000 ethereum worth $49 million in an abnormal transaction that transferred funds from the exchange's hot wallet to an unknown address on November 26.
Upbit, one of South Korea's largest cryptocurrency exchanges, suffered a major security breach resulting in the theft of approximately 342,000 ethereum worth $49 million. The hack marked the seventh significant cryptocurrency exchange security incident during 2019, underscoring persistent vulnerabilities affecting digital asset custodians worldwide.
The theft occurred when an attacker transferred 342,000 ethereum from Upbit's hot wallet to an unrecognized external address shortly after 1 p.m. local time on November 26. The entire transaction completed within minutes, suggesting the attacker possessed direct access to the exchange's wallet systems or held credentials enabling high-level transactions. The speed of the theft prevented immediate intervention or reversal of the transfer.
Upbit's management discovered the breach and immediately suspended all transfer services across the platform. Lee Seok-woo, Upbit's chief executive officer, publicly confirmed the incident and assured customers that the company would cover all losses from the hack using its own assets. The statement aimed to restore confidence among users concerned about the security of their funds held on the exchange.
The exchange moved aggressively to secure remaining customer assets. Upbit transferred all virtual currencies to cold storage wallets, which are kept offline and resistant to remote attacks. The shift from hot wallet operations to cold storage represented a temporary but comprehensive change in operational procedures designed to prevent additional thefts while security reviews progressed.
Cryptocurrency analysts noted that 2019 had witnessed an unusually high number of exchange security breaches. Earlier incidents in the year had affected major platforms including Binance in May, Bitrue in June and Bitpoint in July. The recurring pattern of successful attacks raised questions about whether exchanges were adequately investing in security infrastructure and personnel.
Law enforcement agencies in South Korea and internationally began investigating the theft immediately. Subsequent investigations determined that North Korean hacking groups, including Lazarus and Andariel, bore responsibility for the Upbit breach. The attribution highlighted the involvement of state-sponsored actors in cryptocurrency theft operations and their ongoing focus on high-value digital asset targets.
Upbit's response included cooperation with security firms and law enforcement to trace stolen ethereum across blockchain networks. The exchange also implemented additional security measures including enhanced monitoring systems and increased use of air-gapped cold storage solutions. The incident prompted broader industry discussions about security best practices and regulatory requirements for exchanges handling customer assets.