{"id":63724,"date":"2025-11-28T15:34:49","date_gmt":"2025-11-28T15:34:49","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/emergency-audit-after-the-upbit-hack-reveals-internal-wallet-flaw\/"},"modified":"2025-11-28T15:34:49","modified_gmt":"2025-11-28T15:34:49","slug":"emergency-audit-after-the-upbit-hack-reveals-internal-wallet-flaw","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/emergency-audit-after-the-upbit-hack-reveals-internal-wallet-flaw\/","title":{"rendered":"Emergency audit after the Upbit hack reveals internal wallet flaw"},"content":{"rendered":"<p><b>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison )<\/b><br \/>\n<\/p>\n<div data-site=\"CoinJournal\">\n<div class=\"-mt-16  mb-8  lg:-mt-20  rounded-md  shadow-md\">\n<div class=\"relative  z-10  post-article-image  rounded  overflow-hidden\" data-site=\"CoinJournal\">\n<picture><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/image6-smartcrop-750x375.webp\" type=\"image\/webp\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/image6-smartcrop-363x181.webp\" type=\"image\/webp\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/image6-smartcrop-750x375.png\" type=\"image\/jpeg\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/image6-smartcrop-363x181.png\" type=\"image\/jpeg\"\/>\n<\/picture>                            <\/div>\n<\/p><\/div>\n<ul>\n<li>Upbit patched a wallet flaw after a $30M Solana-related hack.<\/li>\n<li>Withdrawals were halted, and stolen funds were partly frozen following the attack.<\/li>\n<li>Authorities probe possible Lazarus Group involvement.<\/li>\n<\/ul>\n<p>South Korea\u2019s largest cryptocurrency exchange, Upbit, has revealed a serious internal wallet vulnerability while conducting an emergency audit in the wake of a $30 million hack.<\/p>\n<p>The discovery comes as the company continues to investigate irregular Solana-based withdrawals that triggered the security review, raising concerns about potential risks to private keys within the platform\u2019s wallet system.<\/p>\n<h2>Flaw discovered after emergency audit<\/h2>\n<p>The emergency audit, launched following the detection of abnormal activity on Nov. 26, uncovered a flaw in Upbit\u2019s internal wallet software that could allow attackers to mathematically derive private keys by analysing blockchain transactions.<\/p>\n<p>CEO Oh Kyung-seok, in a <a href=\"https:\/\/upbit.com\/service_center\/notice?id=5803&amp;view=share\">published announcement<\/a> after the audit, explained that while blockchain data is normally public but secure, the company\u2019s own wallet implementation produced weak and predictable signature data, creating the theoretical risk.<\/p>\n<p>Upbit emphasised that the flaw was discovered only after the systemwide review and did not appear to be directly linked to the hack itself.<\/p>\n<p>The exchange has since patched the vulnerability and conducted a comprehensive inspection of all related networks and wallet systems to ensure no further weaknesses remain.<\/p>\n<h2>Upbit to cover all losses using its own reserves<\/h2>\n<p>The Upbit hack, which resulted in losses totalling roughly 44.5 billion KRW, including approximately 38.6 billion KRW in customer assets, prompted immediate action from the exchange.<\/p>\n<p>Withdrawals were suspended, and remaining assets were moved to cold storage to prevent further losses.<\/p>\n<p>About 2.3 billion KRW of the stolen funds, equivalent to around $1.5 million, has already been frozen.<\/p>\n<p>Oh Kyung-seok described the situation as a reminder that no security system can be considered completely infallible.<\/p>\n<p>Kyung-seok has assured customers that Upbit would cover all losses using its own reserves and pledged to strengthen security measures across the platform.<\/p>\n<p>The exchange has committed to resuming deposits and withdrawals only after the final verification of its wallet systems.<\/p>\n<h2>South Korean authorities are investigating the hack<\/h2>\n<p>South Korean authorities have launched an investigation into the incident, with early intelligence <a href=\"https:\/\/www.kryptnews.com\/north-koreas-lazarus-group-allegedly-involved-in-30m-upbit-hack\/\">reports<\/a> pointing to potential involvement by the North Korea-linked hacking group Lazarus.<\/p>\n<p>While Upbit and regulators have not publicly confirmed this, the company continues to collaborate with law enforcement and blockchain projects to recover and freeze stolen assets wherever possible.<\/p>\n<p>The incident has prompted Upbit to conduct a broader security review of its entire infrastructure.<\/p>\n<p>The exchange noted that irregular withdrawals from <a href=\"https:\/\/coinjournal.net\/news\/south-koreas-upbit-hack-puts-spotlight-on-solana-security-and-exchange-safeguards\/\">Solana-related wallets<\/a>, including tokens such as ORCA, RAY, and JUP, served as a catalyst for the emergency audit and subsequent vulnerability discovery.<\/p>\n<p>By conducting a full overhaul of wallet systems, Upbit aims to prevent similar breaches in the future.<\/p>\n<div class=\"post-meta\">\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Share this article<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Categories<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Tags<\/h6>\n<\/p><\/div>\n<\/p><\/div>\n<p><a href=\"https:\/\/coinjournal.net\/news\/emergency-audit-after-the-upbit-hack-reveals-internal-wallet-flaw\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison ) Upbit patched a wallet flaw after a $30M Solana-related hack. Withdrawals were halted, and stolen funds were partly frozen following the attack. Authorities probe possible Lazarus Group involvement. South Korea\u2019s largest cryptocurrency exchange, Upbit, has revealed a serious internal wallet vulnerability [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":63725,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[35],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/63724"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=63724"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/63724\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/63725"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=63724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=63724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=63724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}