Upbit Solana Hack: 100 Billion Tokens Stolen, Exchange Delay Avoids Penalties
Hackers siphoned more than 100 billion tokens from Upbit in just 54 minutes, exploiting a flaw in Solana asset-handling. During this brief window, roughly 44.5 billion won (~$30.6 million) in digital assets were funneled into unknown external wallets. Yet the exchange notified authorities only six hours after detecting the breach — and regulators now find themselves unable to impose penalties because of a gap in current legislation. According to data the Financial Supervisory Service provided to Assemblyman Kang Min-guk, the attack began at 4:42 a.m. and ended at 5:36, affecting 24 Solana-ecosystem tokens. On average, the attackers were stealing 32 million coins per second.
The greatest volume fell on the BONK token — more than 103.1 billion coins, accounting for over 99% of all stolen assets, though in monetary terms the largest loss was tied to Solana itself: nearly 1.9 billion won (~$1.3 billion). Significant damage was also incurred by Pudgy Penguin, Official Trump, and other assets. The response timeline shows that by 5:00, Upbit had convened an emergency meeting; within minutes it restricted operations involving Solana-based assets, and by 8:55, all trading was halted. Even so, the first official notice to the financial regulator was not sent until 10:58.
Despite the delay, penalizing the exchange is nearly impossible: existing rules contain no provisions allowing direct sanctions against virtual-asset operators for security incidents. The FSS is conducting an on-site investigation, but the prospect of meaningful measures remains uncertain. Upbit maintains that no users suffered losses: the company claims it reimbursed the entire stolen amount and notified authorities as soon as the breach was conclusively verified.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
