Upbit Hit by $30M Hack Less Than 24h After $10B Merger Announcement

South Korea’s largest crypto exchange barely had time to celebrate its historic merger with Naver before waking up to chaos.

In the early morning hours of November 27, just hours after Dunamu and Naver announced their $10 billion corporate integration, hackers struck Upbit’s hot wallet and siphoned out 44.5 billion KRW (~$30.4 million USD) in Solana ecosystem tokens.

The timing is impossible to ignore. The biggest corporate deal in Korea’s tech sector in years instantly made Dunamu a global headline, and apparently put a neon target over its infrastructure.

A Hack That Hit the Morning After

According to Dunamu’s official notice, the abnormal withdrawal occurred at 4:42 a.m. KST.

The attackers drained 24 different Solana-based assets (including SOL, RAY, JUP, and BONK) directly from Upbit’s hot wallet.

South Korean media outlets Chosun Ilbo and Yonhap News confirmed the event and detailed how quickly regulators reacted. The Financial Supervisory Service (FSS) deployed an emergency inspection team the same morning, with the investigation expected to run through December 5.

Upbit has already stated that all user funds will be fully covered using company assets.

The “Anniversary” Pattern No One Missed

Korean cybersecurity analysts immediately pointed out something chilling: November 27 is the anniversary of the infamous 2019 Upbit hack, a $50M theft attributed to North Korea’s Lazarus Group.

Professor Hwang Suk-jin and other experts noted that the precision, timing, and anniversary date all resemble the Lazarus playbook, especially given the group’s long history of targeting Korean exchanges and exploiting moments of corporate transition.

An exchange in the middle of a multi-billion-dollar merger is loud, distracted, and vulnerable. The attackers clearly understood the moment.

Weex Banner

Bigger Picture: A $10B Deal With a $30M Shadow

This hack lands right on top of one of the biggest crypto-adjacent business stories of the year, Naver absorbing Dunamu in a transformative deal that reshapes Korea’s tech landscape.

Upbit was supposed to enter the next chapter with stronger institutional backing, deeper resources, and greater stability. Instead, the first headline after the merger is a reminder that crypto infrastructure, even at the national level, remains an active battleground.

The implication is clear: when your company becomes a $10B target overnight, the attackers scale up too.

Bottom Line

Upbit has the reserves to absorb this loss, regulators are already inside the building, and users won’t eat the damage. The real story is the symbolism, a major exchange hit the morning after its biggest corporate announcement.

Whether it’s opportunism, timing, or a deliberate message, the Dunamu-Naver merger now has an unexpected sequel. And it begins with a breach.