South Korea’s largest crypto exchange, Upbit, is pushing almost all customer assets into cold storage after a major hack on its Solana hot wallet, in one of the most aggressive security pivots yet by a big trading platform.
Operator Dunamu said it will lift the share of user funds held in cold wallets to 99% and cut hot wallet exposure to effectively 0%, after hackers stole 44.5B won, about $30M, from a connected wallet.
The overhaul takes Upbit well beyond South Korea’s Virtual Asset User Protection Act, which requires exchanges to keep at least 80% of customer deposits offline.
Upbit Pushes Hot Wallet Usage Down After Security Review
Cold wallets store digital assets while disconnected from the internet, making them far harder to breach but also slower to move. Hot wallets sit online to process deposits and withdrawals in real time, which makes them convenient for users but a prime target for attackers.
For traders, a 99% cold ratio means a much smaller pool of funds is exposed if a hot wallet is ever compromised again.
In a press statement on Wednesday, Dunamu disclosed that as of the end of Oct. 2025, Upbit held 98.33% of customer assets in cold wallets and 1.67% in hot wallets.
Even before the hack, that was the lowest hot wallet share among domestic exchanges, with rivals keeping cold ratios in a range of roughly 82% to 90%, according to data released by lawmaker Heo Young.
Upbit said it maintained its cold share above 98% despite rising crypto prices and heavier flows from new listings, and has now completed a review and overhaul of its wallet infrastructure.
The company plans to drive the hot wallet ratio down to zero as it tightens its security posture.
Attack Involving Solana Assets Forces Emergency Security Response
The move follows a hack on the Solana network that was initially estimated at about 54B won, roughly $36M, and that Upbit later revised to a loss of 44.5B won after an internal review.
Of that total, a detailed breakdown attributed 38.6B won, about $26.2M, to direct user losses, which the company has pledged to fully reimburse from its own reserves.
Tokens affected in the attack included Solana’s SOL as well as ORCA, RAY and JUP, the exchange said. Once abnormal withdrawals were detected, Upbit halted activity, shifted remaining assets into cold storage and began a forensic investigation of its systems and on-chain flows.
Proposed Standards Would Require Compensation For Hacks Regardless Of Fault
Oh said engineers discovered a weakness in the exchange’s wallet software that could have allowed attackers to infer private keys by analysing public blockchain data, although Upbit has not confirmed whether that specific vulnerability was used in the breach. The company’s response suggests it is treating hot wallet exposure itself as a systemic risk that needs to be minimised, not just patched.
For the wider industry, the episode is feeding into a regulatory rethink. South Korea’s Financial Services Commission is considering rules that would impose bank-level liability standards on major crypto exchanges after the Upbit incident, including mandatory compensation for hacking and system failures regardless of fault, mirroring obligations already placed on banks and electronic payment firms under the country’s electronic financial transactions law.
If those rules take shape, exchanges operating in Korea will need both stronger security architectures and deeper capital buffers to absorb losses, bringing them closer to the expectations placed on traditional financial institutions.
Upbit’s near-total shift to cold storage shows how far a leading platform is now willing to go to reassure users that their coins will not be left sitting online as an easy target.
The post Upbit Moves Most User Funds to Cold Storage After $30M Hot Wallet Hack appeared first on Cryptonews.
