Important points:
- South Korean law enforcement has expressed concern over Binance’s slow response to Upbit’s request to freeze stolen assets. This happened after the world’s largest cryptocurrency exchange froze only 17% of the funds belonging to the Upbit hack.
- Last month, Upbit suffered a major security breach affecting its Solana wallet, resulting in approximately $36.8 million in assets being stolen from the platform. The hackers split the loot into smaller pieces and then transferred it to at least 1,000 wallets through token mixers and other networks to cover their tracks.
- On the day of the hack, Binance received approximately $370,000 worth of assets. However, the exchange froze only $75,000 of the total amount, citing internal policies. Binance took action to freeze the funds 15 hours after Upbit’s initial request.
- Security experts are now calling on regulators to impose bank-style liability and no-fault rules on crypto exchanges, and to establish a global hotline or agency empowered to take immediate action in times of crisis.
South Korean police say they have frozen only a small portion of the crypto assets stolen by Binance from Upbit, the country’s largest and most liquid company. Cryptocurrency trading platformmoved through the platform.
This has raised questions about response times and potential vulnerabilities in crypto platforms’ cooperation with law enforcement, amid an ongoing investigation.
Binance freezes just 17% of UpbitHack funds flowing into exchange, angering South Korean authorities
On November 27, Upbit suffered a major security breach that resulted in the unauthorized transfer of approximately $36.8 million in Solana-based assets, including SOL, USDC, and other tokens. Security analysts pointed out that the hacker group behind this operation was targeting exchanges. solana wallet They then executed a sophisticated laundering strategy that quickly moved the stolen funds to over a thousand wallets.
The hackers repeatedly split the funds into smaller amounts and then moved them through multiple chains and token bridges, obscuring their trail. Most of the assets were exchanged into ETH to take advantage of the liquidity and depth of the Ethereum market.
Upbit immediately initiated emergency security protocols. This includes suspending all transactions, conducting comprehensive postmortems, and liaising with law enforcement and blockchain security firms to track and freeze stolen assets. The company has also launched a reward system that offers 10% of recovered assets as compensation for assistance.
The exchange then moved all assets to cold storage and promised to fully repay affected users from the cooperative’s reserves.
On the day of the attack, approximately $370,000 worth of assets flowed into a wallet linked to Binance, and the transaction was confirmed by the exchange. Upbit and South Korean police requested an immediate freeze on Binance, but argued that Binance only froze about $75,000 of the total amount and needed additional verification before taking further action.
Binance just froze the assets 15 hours after Upbit’s initial request, and when asked by the media about the delay, the company declined to go into further detail, citing its policy regarding ongoing investigations. The case highlights legal gaps that remain in the cryptocurrency industry, as current law does not require exchanges to be held responsible in the event of a hack.
Industry experts urge regulators to strengthen exchange compliance laws, recommend bank-style rules
However, Binance’s response was not welcomed by Korean industry experts. Cho Jae-woo, director of Hansung University’s Blockchain Research Institute, emphasized the need for prompt intervention to minimize the damage caused by hacking. He argued that exchanges often cite litigation risk as an excuse for hesitating at key moments.
Mr. Jae-woo also called for the creation of a global emergency hotline among virtual currency exchanges and partner institutions in times of crisis, and for them to be empowered to impose immediate fund freezes in times of crisis.
Governor Lee Chang-jin Financial Supervisory Agency South Korea’s Financial Services Agency (FSS) has called for the introduction of bank-grade liability and no-fault rules for virtual currency exchanges to strengthen investor protection.
Upbit moves 99% of customer assets to cold storage, far beyond legal limits
Upbit has since moved 99% of its customer assets into cold storage, launching one of the strongest responses ever by a major company. cryptocurrency exchange. Dunamu, which operates Upbit, said the exchange will eventually reduce its exposure to hot wallets to zero. South Korean regulations require 80% of digital assets belonging to customers to be stored offline, and Upbit’s allocation far exceeds the legal limit.
Prior to the November hack, the exchange already had over 98% of customer funds in cold storage and has since taken significant steps to improve its security protocols. As of December 8, the exchange had successfully recovered approximately $1.77 million in stolen funds that were frozen across various platforms.
South Korea’s largest crypto exchange, Upbit, has announced it will increase the proportion of user assets stored in cold wallets (offline) to 99%, reducing the hot wallet proportion to 0%, following the theft of 44.5 billion KRW from its hot wallet by hackers. The wallet system…
— Wu Blockchain (@WuBlockchain) December 10, 2025
Meanwhile, authorities have stepped up their search for the remaining assets, with some reports linking the operation to the notorious North Korean hacker group Lazarus. The incident has led to increased scrutiny of the security of virtual currency exchanges and could lead to stronger domestic regulations, including mandatory proof of reserves, stronger incident reporting, and broader cybersecurity oversight.
Also read: Binance adds new trading pair for Trump family USD1 stablecoin
