Upbit Deletes All Old Deposit Addresses After 44.5 Billion Won Hack

South Korea’s largest crypto exchange, Upbit, has deleted all existing deposit addresses and told users to generate new ones after a recent security breach that drained about 44.5 billion Korean won in digital assets. The move comes as the platform restores services following the Nov. 27 hack targeting Solana-based tokens.

Users Must Issue New Deposit Addresses After Breach

Upbit said it removed every old deposit address from its system as part of wallet maintenance and security hardening. As a result, all customers now need to request fresh deposit addresses inside their Upbit accounts before sending any funds. Old addresses will no longer function and may cause delays or failed deposits if used.

The update follows a hack discovered on Nov. 27, when attackers moved Solana-network assets from Upbit hot wallets to an unauthorized address. The exchange estimates the loss at about 44.5 billion won, or roughly 30–36 million dollars. The incident led Upbit to suspend deposits and withdrawals while it shifted remaining funds into cold storage and reviewed its wallet systems.

Upbit has begun reopening deposits and withdrawals in phases for selected assets and networks after completing security checks. At the same time, it has urged users to delete any previously saved Upbit deposit addresses from personal wallets or other exchanges to prevent misuse and to rely only on the new addresses issued after the maintenance.

Upbit Pledges Full Coverage as Regulators Probe Solana Hack

Upbit said it will cover all affected customer funds from its own corporate reserves, so users will not bear any direct loss from the Solana hot wallet breach. The exchange’s parent company, Dunamu, confirmed that member assets made up the bulk of the stolen funds and that company holdings will absorb the impact while services come back online.

The company added that it has already frozen part of the stolen tokens in cooperation with project teams and blockchain analytics firms. Those frozen assets represent a slice of the overall damage and remain locked while investigators track the remaining coins on-chain and monitor any attempts to move or cash them out.

South Korean authorities, including the Korea Internet and Security Agency and the Financial Supervisory Service, have opened a formal probe into the incident. Local reports say investigators are examining whether the attack is linked to North Korea’s Lazarus Group, which has been tied to earlier crypto hacks. Upbit said it is overhauling its wallet infrastructure and security procedures and will keep phased limits in place until the review is complete.