As of mid-afternoon South Korea time, Solana-based tokens traded with double-digit gains on Upbit following a hack that stole roughly 44.5 billion won ($32 million).
CryptoQuant CEO Ki Young Ju noted that Korean traders began bidding up altcoin prices as arbitrage bots, which normally keep Korean and international prices aligned, stopped operating.
The service suspension created an immediate disconnect between Korean and global crypto markets.
As of mid-afternoon local time, ORCA traded at a 95.6% premium to global prices on Upbit, while Meteora traded at an 82% premium and Raydium at a 46% premium, according to exchange data.
The divergence reflects how heavily Korean retail relies on Upbit, which processes the majority of the country’s digital asset volume.
Without active arbitrage keeping Korean won-denominated pairs in line with the dollar markets, local buy pressure drove premiums across Solana ecosystem tokens affected by the breach.
Upbit hit with hack
South Korean exchange Upbit suspended digital asset deposits and withdrawals on Nov. 27 after detecting unauthorized transfers in Solana network tokens from a hot wallet.
The breach occurred around 4:42 a.m. local time when 24 Solana-based assets, including SOL, JUP, ORCA, and BONK, moved to undesignated external wallets.
Upbit confirmed cold wallet holdings were not compromised and immediately moved all remaining assets to secure cold storage. CEO Oh Kyung-seok pledged to cover the full loss using the platform’s own reserves.
The exchange froze approximately 2.3 billion won worth of Solayer on-chain and continues tracking the remaining funds in cooperation with project teams and law enforcement.
Dunamu, Upbit’s operator, revised its initial damage estimate downward from 54 billion won after recalculating asset prices at the time of the breach.
Oh stated that customers will face no losses and that a comprehensive security review of the entire deposit and withdrawal system is underway before services resume.
Cold storage holds, but hot wallet design questioned
Upbit’s statement stressed that the breach affected only a hot wallet used for operational liquidity and that segregated cold wallet reserves remained intact.
The exchange did not disclose technical details of how the unauthorized withdrawals occurred or whether the breach stemmed from compromised private keys, infrastructure vulnerabilities, or insider access.
As of press time, no post-mortem has been released. Upbit asked users to report suspicious activity through its customer center and said it is cooperating with investigative authorities.
The exchange plans to resume deposit and withdrawal services sequentially as security reviews confirm system stability.
South Korea’s Financial Services Commission has not yet issued a public statement on the breach. Upbit operates under the country’s Virtual Asset Service Provider framework and is required to maintain reserve ratios and segregate customer funds, though enforcement of these requirements has varied.
The $32 million loss ranks among the larger exchange breaches of 2025 but remains far below the scale of historical hacks like Mt. Gox, the $600 million Ronin bridge exploit, or the $1.4 billion exploit on Bybit.
Upbit’s decision to freeze Solayer tokens on-chain illustrates one of the few recourse mechanisms available when assets move to identifiable addresses. However, the majority of the stolen funds remain unrecovered.
Upbit has not provided a timeline for restoring normal operations. The exchange said safety confirmation will determine when deposit and withdrawal services resume, with no specific date given for completing the security review.
The post Solana tokens rip on Upbit after $32M hack due to halted arbitrage appeared first on CryptoSlate.
