Yello Paradisers! South Korea’s biggest crypto exchange, Upbit, was hit by a major security breach early Thursday morning, almost exactly six years after the Lazarus Group pulled off a $50 million ETH heist on the same platform. This time, the damage came through Solana.

The first alerts were triggered when Upbit’s systems flagged irregular activity involving a Solana hot wallet. By 4:42 AM local time, approximately 54 billion KRW ($36.8 million) had been transferred to an unknown wallet. In a rare move, Upbit immediately froze deposits and withdrawals, throwing the platform into emergency mode.

Over 20 Tokens Affected, From Solana to Trump

Unlike previous hacks where a single token was targeted, this incident spread wide: SOL, USDC, TRUMP, RENDER, BONK, PYTH, RAY, ORCA and a batch of lesser-known Solana ecosystem and memecoins were all swept up.

One token in particular, LAYER, saw over $1.6 million worth already frozen. According to Upbit’s statement, a total of $8.18 million in LAYER has now been recovered, with efforts ongoing to trace and freeze the remainder.

The hack’s timing is also uncanny. It coincides with the planned merger of Dunamu (Upbit’s parent company) and Naver Financial, prompting some to speculate that the incident may have been timed to create maximum chaos during a high-profile corporate shift.

Customers Reimbursed — But Confidence Takes a Hit

In a public apology, Dunamu CEO Oh Kyung-seok promised full reimbursement, stating that Upbit’s reserves would cover all customer losses. The company did not confirm how the attacker breached its systems, nor did it offer a timeline for restoring platform services.

For users, that’s small comfort. In a country where crypto still bears the scars of multiple exchange collapses, this latest breach may reignite calls for tighter scrutiny and infrastructure overhauls.

One thing is certain: the hack has once again spotlighted the vulnerability of hot wallets, especially in altcoin-heavy ecosystems like Solana’s. Upbit’s rapid cold-storage migration was likely the right move, but for many, it came just a few minutes too late.

Watch out for the full breakdown in our MCP Stream, where MCP analyst will explore not just how this attack happened, but what it says about Solana security, centralized exchanges, and the future of Korean crypto regulation.

To gain access to daily signals, join ParadiseFamilyVIP, where serious traders get inside scoops, risk guidance, and pre-alerts that help you stay ahead of these moments.

And if you’re hungry for daily briefings like this one, plus raw alpha our public readers never get, subscribe to MCP News Private for just $3/month. That’s less than a bubble tea, and unlike tapioca pearls, our insights won’t leave you floating.