On November 28, 2025, South Korea's largest cryptocurrency exchange Upbit was hacked for approximately $36 million (corrected to 445 billion won), becoming the largest security incident on an Asian platform this year. The hacker precisely targeted the hot wallet on the Solana blockchain, transferring 24 types of tokens in a single transaction, including SOL, USDC, BONK, JUP, PYTH, RENDER, ORCA, and other star assets, indicating a deep understanding of the internal architecture. Upbit immediately suspended deposits and withdrawals, transferred the remaining assets to a cold wallet for isolation, and promised to fully compensate users with its own funds, stating that the stolen losses would not affect user balances. On-chain monitoring shows that some of the stolen funds have already flowed into exchanges like Binance, and South Korean police and financial regulatory authorities have entered Upbit's headquarters for investigation, which is expected to continue until December 5. Notably, this is the second time Upbit has been hacked on the same day, November 27, in six years — in 2019, it suffered a loss of 342,000 ETH on the same day, confirmed to be carried out by North Korea's Lazarus Group. CryptoQuant's CEO pointed out that the technical difficulty of this attack is extremely high, stating, "No one except North Korea's Lazarus can achieve this." Despite the huge losses, Upbit's net profit for the first quarter is approximately $200 million, which means it can earn back the stolen amount in two weeks. The platform has promised compensation and continues to advance its $10.3 billion merger with Naver and its IPO plan in the U.S. This incident once again reminds us that exchange security remains a pain point in the industry, and users should enable cold wallets or choose multi-signature platforms to avoid concentrating assets in hot wallets. $BTC