The upbit hack is only a few days old, but Upbit already has a preferred explanation: a cryptographic bug in its own Solana wallet stack that may have allowed attackers to infer private keys from biased signing data. Whether that story survives scrutiny matters more now than replaying the live-feed of funds leaving a hot wallet.
Upbit’s version of events: a nonce-bias exploit
In its latest update, Upbit says that while investigating the Solana hot wallet breach it found a serious flaw in its internal wallet system: a signing bug that could, in theory, expose private keys. The company claims that under certain conditions, signatures generated for Solana transactions leaked enough structure for an attacker analysing large numbers of them to recover the underlying key material.
A Korean cryptography professor, Jaewoo Cho, has since fleshed out that story in public. His view is that the breach likely stems from a “high-level mathematical exploit” against biased nonces in Upbit’s signing process: examine millions of Solana signatures, spot subtle patterns in the supposedly random values, and use that bias to reconstruct private keys. This is the same general class of failure that academic work has warned about for years when nonces are reused or only partially random.
Upbit says it has patched the flaw, rotated keys and hardened its processes, but stops short of formally confirming that this mechanism was the precise root cause of the breach. Regulators and independent analysts are still treating it as a leading hypothesis rather than a settled fact.
Reconstructing the upbit hack on Solana
The basic contour of the upbit hack is simpler than the nonce-bias discussion suggests. In the early hours of 27 November 2025, Upbit detected abnormal withdrawals from a Solana hot wallet and froze deposits and withdrawals on the network. Around 44.5 billion won in Solana-based assets – roughly 30 to 37 million dollars, depending on the price snapshot – were drained before controls kicked in.
On-chain data shows the attacker swept a basket of Solana ecosystem tokens, including SOL, BONK, JUP, RAY, PYTH, RNDR, ORCA, USDC and a long tail of smaller tokens, into fresh addresses and then across bridges into other networks. A small fraction was frozen quickly; most value moved beyond recovery within hours.
Officials in Seoul are working on the assumption that this was not a solo hobbyist discovering an RNG bug. Investigators have pointed again to North Korea’s Lazarus Group as the most likely operator, citing the familiar combination of a Korean exchange target, a hot wallet focus, a multi-chain laundering path and the awkward timing: almost exactly six years after Upbit’s 2019 Ethereum hot wallet breach, which was ultimately linked to Lazarus.
What the upbit hack tells us about CEX custody
Any centralised exchange that runs its own high-speed wallet stack is now effectively a bespoke cryptography shop. If its random-number generation, key storage or signing code is even slightly off, the error will be replicated across millions of signatures, giving a determined attacker plenty of material to work with. That is a hard standard to meet consistently, especially under commercial pressure for low latency and high throughput.
The upbit hack also underlines how little comfort there is in “we will reimburse you” as a long-term safety net. Upbit has promised to cover all losses from corporate reserves, as it did after earlier incidents, and it is large enough to do so this time. But that is still a discretionary business decision, not a protocol guarantee. Smaller venues can and do fail outright under similar stress.
For users, the trade-off is familiar: use exchanges for price discovery and short-term liquidity, and move longer-term holdings off-platform where you can. But self-custody is not trivial; plenty of people struggle with generating and storing private keys safely, or cut corners in ways that raise their own risk. For regulators and counterparties, the question now is whether a systemically important exchange should be running bespoke signing infrastructure on fast L1s without much tighter external oversight after yet another hot wallet failure.
Disclaimer
This article is for information and education only. It is not investment, legal, tax or financial advice. Always do your own research and consider speaking to a qualified professional before making financial decisions.
