Upbit rocked by trillion-coin theft after delayed notification

Recent findings reveal that more than 1 trillion coins disappeared in just 54 minutes during the hacking attack that resulted in roughly 40 billion won in virtual asset losses at Upbit, South Korea’s largest cryptocurrency exchange. Dunamu, the operator of Upbit, reported the breach to financial authorities only after wrapping up its merger event with Naver Financial later that day, drawing criticism that the company intentionally stalled the disclosure.

According to data submitted by the Financial Supervisory Service to Rep. Kang Min-guk of the National Assembly’s Political Affairs Committee on Dec. 7, the Upbit breach unfolded over 54 minutes, from 4:42 a.m. to 5:36 a.m. on Nov. 27. In that brief window, approximately 1.04 trillion coins, worth about 44.6 billion won, were siphoned into unidentified external wallets across 24 different cryptocurrencies, including Solana (SOL). On average, the attackers stole the equivalent of 32.12 million coins, or roughly 13.7 million won, every second. Solana suffered the greatest hit, accounting for about 18.99 billion won, or 42.7 percent of the total damage.

Upbit held an emergency internal meeting 18 minutes after detecting the hacking attempt but did not inform financial authorities until six hours later. The company is now facing criticism for reporting the incident only after the merger ceremony between Dunamu and Naver Financial wrapped up that day.


신무경 기자 yes@donga.com