A sudden drop in XRP balances across major crypto exchanges has led to speculations about how this might affect the cryptocurrency’s price action. The movement was highlighted by analyst Vincent Van Code, who explained that the transfers are not simply a sign of long-term holders scooping up supply.
Instead, he pointed to the expanding influence of newly launched Spot XRP ETFs, which are now absorbing a significant share of market activity that once took place on retail platforms.
ETF Demand Is Pulling Liquidity Away From Exchanges
Van Code noted that billions of XRP leaving Binance, Upbit, and Kraken are largely flowing into ETF custodial wallets. This changes the way the market reacts to buying and selling pressure because retail exchanges now operate with thinner liquidity. When daily trading volume on those platforms averaged around the multi-billion-dollar range, it required very large orders to create noticeable price movement.
Now that volume has contracted, even moderate-sized trades can produce sharp intraday swings. The effect is a market environment that is fundamentally supported by ETF buying, yet increasingly sensitive to smaller sell-offs or sudden bids.
Even as exchange liquidity drops, Van Code noted that high-frequency trading firms are preventing price dislocations. These groups have already mastered the arbitrage models used in Bitcoin and Ethereum ETFs, and they have now adapted the same systems for XRP.
Whenever the ETF price drifts above or below its underlying value, the bots immediately correct the gap, keeping both markets tightly aligned. This mechanism makes sure that XRP still gets purchased during ETF creation events and provides a layer of structural stability, even though retail charts may begin to show more frequent spikes and dips.
What This Means For XRP’s Approach To New Price Highs
In Van Code’s view, the long-term picture for XRP is strengthened by this shift, even though the short-term experience for traders may become more uncomfortable. When XRP enjoyed daily spot volumes in the range of $2 billion to $3 billion on exchanges, you would typically need more than $200 million in concentrated buying or selling to push the price 5% to 10% in either direction.
Now that on-exchange volume has dropped toward levels below $1 billion a day, the equation looks very different. A sell order or resistance wall of around $15 million can now swing XRP by roughly 12% to 18% within a single hour in these thinner conditions. However, the saving grace is these arbitrage bots.
According to the analyst, XRP is still on track to reach $5. However, until the price adapts to reduced spot volume on exchanges, traders should be prepared for air pockets up to 20% in price, where relatively modest buy or sell flows can cause outsized moves.
Upbit will resume digital asset deposits and withdrawals on December 1 at 1:00 PM KST following a $37 million hack that targeted Solana-based assets. The South Korean exchange announced that all existing deposit addresses have been deleted, and users must…
South Korea’s largest cryptocurrency exchange, Upbit, said it uncovered and repaired a serious flaw in its internal wallet system while investigating the recent $30 million theft from the platform.
Key Takeaways:
Upbit found and fixed a wallet flaw that could have exposed private keys, but has not confirmed it caused the $30M hack.
The breach drained about 44.5 billion won, while roughly 2.3 billion won has already been frozen.
The exchange halted activity, moved funds to cold storage, and pledged full reimbursement.
In a statement released Friday, Upbit CEO Oh Kyung-seok disclosed that engineers identified a weakness in the exchange’s wallet software that could have allowed attackers to infer private keys by studying publicly available blockchain data.
However, the crypto firm has not confirmed whether the vulnerability played a role in the breach.
Upbit Says Internal Wallet Bug May Have Exposed Private Keys
The flaw did not stem from the blockchains themselves but from how Upbit’s wallet software generated cryptographic signatures.
According to the exchange, the issue may have produced weak or predictable signing data, creating the possibility that a sophisticated attacker could mathematically reconstruct wallet keys by analyzing historical transactions.
“We identified and addressed the vulnerability during a comprehensive inspection of all related networks and wallet systems,” Oh said, adding that the company activated emergency response protocols and halted all withdrawals and deposits until systems were verified as secure.
Upbit stopped onchain activity on November 26 after detecting abnormal outflows from its Solana-based hot wallets.
Tokens impacted included SOL, ORCA, RAY and JUP, the exchange said. Assets were quickly transferred to cold storage while forensic reviews began.
Losses totaled an estimated 44.5 billion won ($30 million), including about 38.6 billion won ($26 million) in customer holdings.
Upbit says attackers might have inferred private keys by analyzing user wallet address patterns. If true, I doubt anyone other than North Korean hackers (Lazarus) could do this. pic.twitter.com/cS4I8okrVb
The exchange confirmed that approximately 2.3 billion won ($1.5 million) in funds have already been frozen through coordination with external parties.
Upbit emphasized that it has not established a direct link between the wallet vulnerability and the theft. The issue was discovered only during an internal audit triggered by the incident.
“No security system can ever be considered perfect,” Oh said, pledging infrastructure upgrades and continued transparency as investigations continue.
The company said all affected users would be reimbursed in full using internal reserves. Withdrawals and deposits will remain suspended until final security inspections are completed.
South Korean Probe Points to North Korea’s Lazarus Group in Upbit Hack
South Korean authorities have launched an investigation, and local reports have cited early intelligence assessments that allegedly connect the intrusion to North Korea’s Lazarus Group.
The group has previously been linked to crypto thefts aimed at generating revenue for Pyongyang amid persistent foreign currency shortages.
Officials believe this time the hackers may have bypassed core infrastructure by impersonating administrators or compromising internal accounts to authorize the withdrawal.
Upbit continues to work with law enforcement agencies and blockchain projects to freeze and recover assets where possible, the exchange said.
The incident comes at a sensitive moment for Upbit’s parent company, Dunamu, which is preparing for a merger with South Korean internet giant Naver ahead of a potential public listing.
South Korea’s largest cryptocurrency exchange, Upbit, is currently under scrutiny by regulators following a significant hack that led to the unauthorized withdrawal of approximately $36.9 million in assets on the Solana (SOL) network. The breach impacted over 20 different tokens and has prompted Upbit to freeze assets on its platform while an investigation unfolds.
Lazarus Group Tied To Upbit Hack
Authorities are now investigating the possibility of North Korean involvement in the cyber attack. Reports suggest that a group affiliated with North Korea’s intelligence agency, the notorious Lazarus Group, may have orchestrated the hack, which Upbit has described as an “abnormal withdrawal.”
This group has been consistently linked to several high-profile crypto heists in recent years, and the US Federal Bureau of Investigation (FBI) has identified North Korean cyber operations as one of the most sophisticated and persistent threats.
The recent attack coincidentally occurred just days before the sixth anniversary of a previous major breach, in which Upbit lost 342,000 Ethereum (ETH) to North Korean hackers.
According to an unnamed government official, this latest hack bears similarities to a 2019 incident in which approximately 58 billion won in cryptocurrencies was stolen, also attributed to the Lazarus Group.
In response to the attack, the South Korean National Police Agency has launched an investigation into the matter, although officials have not provided further comments on the case. Upbit’s operator, Dunamu, confirmed that an in-depth investigation into the cause and extent of the asset outflow is currently underway.
Crypto Exchange Moves Funds To Cold Storage
The cryptocurrency exchange’s CEO Oh Kyung-seok stated that as soon as abnormal withdrawal activity was detected, Upbit promptly suspended all deposit and withdrawal services.
“We are conducting a comprehensive inspection, prioritizing the protection of member assets,” he said in a notice to users. Following the discovery of the unauthorized transactions, Upbit has taken steps to freeze the affected funds wherever possible.
To prevent any further unauthorized transfers, the exchange has shifted all remaining assets to cold storage, ensuring “a secure environment for funds.”
Upbit is also said to be working with relevant project teams to freeze assets on-chain, having already blocked a portion of the stolen funds related to the cryptocurrency Solayer (LAYER). The exchange has indicated that deposits and withdrawals will only resume once full security checks are completed.
Dunamu has vowed to reimburse customers for any losses with business funds as part of its commitment to its users. It remains to be seen what additional information the country’s authorities will release in the coming days, as well as potential refund deadlines for affected individuals.
Featured image from DALL-E, chart from TradingView.com
Upbit, South Korea’s biggest cryptocurrency exchange, said it found unusual withdrawals from one of its Solana hot wallets and moved quickly to stop trades and protect customers.
According to company statements and law enforcement sources, about 44.5 billion Korean won — roughly $32 million — vanished in the incident that surfaced late November 2025. Upbit paused deposits and withdrawals and said it would repay affected users from its own reserves.
Suspected North Korean Ties
Based on reports from investigators and industry watchers, authorities are examining links to the Lazarus Group, a cyber unit long tied to North Korea.
Security teams point to methods similar to earlier attacks attributed to the same group, including a major breach in 2019 that took 342,000 ETH from the exchange.
Officials say the pattern of rapid withdrawals, quick cross-chain transfers, and spreading funds across many wallets matches tactics used in past nation-linked operations.
today south korea blamed north korea for the upbit hack
nice headline
but that part came later
so what actually happened?
an unknown attacker drained a few of upbit’s hot wallets
waited a bit
then started moving funds across chains
Reports have disclosed that the stolen tokens were moved off Solana, converted through several bridges, and routed through multiple chains to make tracking harder.
Transfers happened fast and in many small transactions, which complicates tracing attempts on the blockchain. Blockchain analysts are combing transaction histories, but the bridge conversions and mixing steps slow down any straightforward recovery efforts.
On-Site Checks And Ongoing Forensics
Authorities have launched inspections at Upbit’s systems and are reviewing logs, admin access records, and wallet backups.
According to sources close to the probe, investigators suspect an admin credential compromise or impersonation rather than a simple software flaw in Upbit’s servers.
While evidence is still being gathered, forensic teams are looking for the entry point used to sign the withdrawal transactions and any indicators of outside control.
Investigation And Market Impact
The timing of the theft drew attention because it coincided with corporate news: Upbit’s parent, Dunamu, had public talk of a merger with Naver valued at about $10.3 billion.
Market players noted the coincidence, and some suggested the attack could aim to distract or unsettle stakeholders. For investors, exchanges, and regulators, the incident renews calls for stricter custody controls, better separation of hot and cold wallets, and clearer rules for large crypto platforms.
Yonhap News reports that South Korea’s largest crypto exchange, Upbit, suffered a hack worth about 44.5 billion KRW ($32 million). Authorities are investigating whether North Korea’s Lazarus Group was behind the attack. The group was also linked to Upbit’s 2019 theft of 58…
Upbit has pledged full reimbursement to users hit by the theft and says it will share findings when the probe allows. Based on reports, tracing and recovery work is ongoing but will be slow because of how the assets were fragmented and moved across chains.
Watchers say confirmation of Lazarus involvement would mark another example of how state-linked actors continue to target major crypto firms.
Authorities have not yet publicly released a definitive attribution. The next steps to watch include any formal statements from prosecutors, whether any of the moved funds are frozen or returned, and how regulators will respond to reduce the chance of similar losses.
Featured image from Advance Innovations, chart from TradingView
South Korea’s largest cryptocurrency exchange, Upbit, is facing a second major security crisis after 44.5 billion won (around $30–32 million) in digital assets were drained from a hot wallet, with authorities “strongly” suspecting North Korea’s Lazarus Group.
According to ICT industry sources and government officials cited by Yonhap News on November 28, investigators are focusing on Lazarus, a hacking unit under North Korea’s Reconnaissance General Bureau, as the likely perpetrator. The group was also suspected in Upbit’s 2019 breach, when approximately 58 billion won in Ethereum was stolen.
North Korean Crypto Hackers Strike Again
The latest incident again centers on a hot wallet — an internet-connected operational wallet — replicating the core vulnerability of 2019. A government official quoted by Yonhap said the attack likely did not involve a deep server exploit but instead an administrative compromise: “Rather than a server attack, it’s possible they compromised an administrator account or impersonated an administrator to transfer funds,” adding that because the earlier hack used this method, “we consider this approach the most likely.”
Security experts point to the post-hack on-chain behavior as key circumstantial evidence. After the theft, the funds were rapidly “hopped” through other exchange wallets and then subjected to “mixing,” a laundering technique designed to break traceability.
One expert noted that “funds were hopped to other exchange wallets before mixing occurred. This can be seen as the modus operandi of the Lazarus Group,” adding that “once mixing occurs, transactions become untraceable.” Because FATF member countries cannot legally operate mixing services, the expert argued it is “highly likely North Korea was responsible.”
The timing has raised additional suspicion. The hack occurred on November 27, the same day Naver and Upbit operator Dunamu held a high-profile joint press conference at Naver’s “1784” headquarters to present their group-integration and AI/Web3 expansion strategy.
A security expert suggested the date may have been intentionally chosen: “Hackers often have a strong desire to show off. It’s possible they chose the 27th as the hacking date to flaunt their timing, selecting the very day of the merger announcement.” The attack also lands almost exactly six years after Upbit’s 2019 hack, which occurred on November 27.
Regulatory and supervisory bodies have moved quickly. Following a December interpretation by the Financial Services Commission that virtual asset exchanges’ user transaction data falls under the Credit Information Act, the Financial Supervisory Service and the Korea Financial Security Institute have launched an on-site inspection of Upbit. The Korea Internet & Security Agency has joined to provide technical support.
At press time, the total crypto market cap stood at $3.07 trillion.
Upbit patched a wallet flaw after a $30M Solana-related hack.
Withdrawals were halted, and stolen funds were partly frozen following the attack.
Authorities probe possible Lazarus Group involvement.
South Korea’s largest cryptocurrency exchange, Upbit, has revealed a serious internal wallet vulnerability while conducting an emergency audit in the wake of a $30 million hack.
The discovery comes as the company continues to investigate irregular Solana-based withdrawals that triggered the security review, raising concerns about potential risks to private keys within the platform’s wallet system.
Flaw discovered after emergency audit
The emergency audit, launched following the detection of abnormal activity on Nov. 26, uncovered a flaw in Upbit’s internal wallet software that could allow attackers to mathematically derive private keys by analysing blockchain transactions.
CEO Oh Kyung-seok, in a published announcement after the audit, explained that while blockchain data is normally public but secure, the company’s own wallet implementation produced weak and predictable signature data, creating the theoretical risk.
Upbit emphasised that the flaw was discovered only after the systemwide review and did not appear to be directly linked to the hack itself.
The exchange has since patched the vulnerability and conducted a comprehensive inspection of all related networks and wallet systems to ensure no further weaknesses remain.
Upbit to cover all losses using its own reserves
The Upbit hack, which resulted in losses totalling roughly 44.5 billion KRW, including approximately 38.6 billion KRW in customer assets, prompted immediate action from the exchange.
Withdrawals were suspended, and remaining assets were moved to cold storage to prevent further losses.
About 2.3 billion KRW of the stolen funds, equivalent to around $1.5 million, has already been frozen.
Oh Kyung-seok described the situation as a reminder that no security system can be considered completely infallible.
Kyung-seok has assured customers that Upbit would cover all losses using its own reserves and pledged to strengthen security measures across the platform.
The exchange has committed to resuming deposits and withdrawals only after the final verification of its wallet systems.
South Korean authorities are investigating the hack
South Korean authorities have launched an investigation into the incident, with early intelligence reports pointing to potential involvement by the North Korea-linked hacking group Lazarus.
While Upbit and regulators have not publicly confirmed this, the company continues to collaborate with law enforcement and blockchain projects to recover and freeze stolen assets wherever possible.
The incident has prompted Upbit to conduct a broader security review of its entire infrastructure.
The exchange noted that irregular withdrawals from Solana-related wallets, including tokens such as ORCA, RAY, and JUP, served as a catalyst for the emergency audit and subsequent vulnerability discovery.
By conducting a full overhaul of wallet systems, Upbit aims to prevent similar breaches in the future.
South Korean authorities suspect that the November Upbit hack may have been masterminded by the notorious Lazarus Group. Unnamed industry sources told local media that the North Korean state-backed hackers may have been behind the breach, as the recent attack…
North Korea’s notorious cybercrime unit, Lazarus Group, is suspected of orchestrating a major cryptocurrency breach that drained roughly $30.6 million from South Korea’s largest exchange, Upbit.
Key Takeaways:
North Korea’s Lazarus Group is suspected of stealing about $30.6 million from Upbit.
Upbit operator Dunamu said it will fully reimburse users and has halted transactions.
Officials say the stolen funds were rapidly laundered through multiple wallets, a tactic Lazarus has used in past.
Authorities are preparing to conduct an on-site inspection at the exchange, following signs that the attack may be tied to the same actors behind previous intrusions attributed to Lazarus, Yonhap News reported, citing government and industry sources.
The group has previously been linked to crypto thefts aimed at generating revenue for Pyongyang amid persistent foreign currency shortages.
Dunamu to Reimburse Users After $30M Solana-Linked Hack at Upbit
Upbit’s operator, Dunamu, confirmed that Solana-linked assets worth 44.5 billion won were transferred to an unauthorized wallet on Thursday.
The company said it will reimburse users in full using its own reserves and moved quickly to halt withdrawals and deposits as internal checks were launched.
Investigators said the techniques used in the breach closely resembled the 2019 incident in which attackers allegedly stole 58 billion won in Ethereum from the same platform.
Officials believe this time the hackers may have bypassed core infrastructure by impersonating administrators or compromising internal accounts to authorize the withdrawal.
Security officials said the funds were swiftly moved through wallets associated with other platforms, indicating an attempt to obscure transaction trails through laundering tactics that Lazarus has used in past operations.
“It is their standard approach to scatter tokens across multiple networks to break tracking,” one official said.
today south korea blamed north korea for the upbit hack nice headline but that part came later
so what actually happened?
an unknown attacker drained a few of upbit’s hot wallets waited a bit then started moving funds across chains
Analysts noted that Lazarus has repeatedly targeted high-profile crypto platforms to maximize impact and exposure, suggesting the attack may have been deliberately staged to exploit heightened public attention.
Earlier this month, South Korea said it may reconsider its sanctions approach toward North Korea after new US measures connected Pyongyang’s crypto theft operations to the funding of its weapons programs.
Second Vice Foreign Minister Kim Ji-na said Seoul could “review sanctions as a measure if they are really needed,” stressing close coordination with Washington to counter North Korea’s growing cyber and digital threats.
“In cases of cryptocurrency theft by Pyongyang, coordination between South Korea and the US is important, as it can be used to fund North Korea’s nuclear and missile programs and pose a threat to our digital ecosystem,” Kim stated.
Naver Announces Plan to Acquire Dunamu
The breach came a day after Naver announced a plan to acquire Dunamu via a share-swap deal through its finance arm, putting the exchange in the national spotlight.
Meanwhile, Naver Financial, the fintech arm of South Korean internet giant Naver, is preparing to roll out a stablecoin wallet in Busan as part of the city’s ongoing push to build a blockchain-powered local economy.
Naver has reportedly finished development of the wallet, which is now undergoing final checks before its scheduled launch next month.
The project is being built in partnership with venture capital firm Hashed and the Busan Digital Asset Exchange (BDAN), the entity behind Busan’s broader digital asset strategy.
Upbit, one of South Korea’s largest crypto exchanges, reported a major loss after a Solana-network hot wallet was emptied early on November 27, 2025.
According to reports, about 54 billion Korean won — roughly $36–37 million — was taken in what the company called an “abnormal withdrawal” detected at 04:42 KST.
Upbit Suspends Solana Services
According to the exchange, deposits and withdrawals for assets on the Solana chain were halted immediately after the breach was found.
Company engineers moved remaining Solana holdings into cold storage to limit further access. Some tokens were later frozen on-chain while investigators traced transfers.
Reports have disclosed that about 12 billion won (around $8–9 million) in LAYER tokens has been frozen so far.
NEW: UPBIT DISCLOSES ~$37M HACK ON SOLANA NETWORK – “TO PREVENT ANY DAMAGE TO MEMBER ASSETS, THE ENTIRE AMOUNT WILL BE COVERED BY UPBIT’S HOLDINGS. WE WOULD LIKE TO REITERATE THAT THIS WILL NOT AFFECT MEMBER ASSETS”
Based on reports from blockchain trackers and media outlets, the stolen assets included SOL and USDC along with many Solana-ecosystem tokens.
Stolen tickers reportedly include ACS, BONK, RAY, JUP, PYTH, ORCA, JTO, LAYER, RENDER, MOODENG, and TRUMP, among others.
The list is long, and tracking continues as some tokens move through multiple wallets. At this stage, several of the addresses holding the funds are under active monitoring.
Dunamu, Upbit’s parent company, has said the exchange will cover the full loss from its own reserves so that customer balances will not be reduced.
According to the company, this decision was made to protect users while the technical and forensic reviews are under way.
A security review of the deposit and withdrawal systems has been launched, and outside experts are reported to be assisting with the investigation.
Past Incidents And Timing Raise Questions
Reports note the timing was awkward: the breach came just after a high-profile corporate announcement involving Naver Financial on November 26, 2025.
Upbit is not new to major hacks; a 2019 attack cost the platform a large amount of ETH. Hot wallets, which are connected to the internet, remain a known weak point for centralized exchanges. That risk was exposed again here.
On-Chain Tracking And Recovery Hopes
Blockchain analysts are following the trail of transfers and identifying the wallets that received funds. Some tokens can be frozen if their issuers or governing authorities cooperate, which is how the reported LAYER freeze was achieved.
Still, many assets may be hard to recover, and legal routes can be slow. It was reported that the exchange attempted to freeze what it could while moving other assets offline.
What This Means For Users And Market Confidence
For now, Upbit users have been assured their funds are safe because the operator pledged to absorb the loss.
Market reaction could include temporary liquidity issues for certain Solana tokens listed on the platform while services remain limited.
Featured image from Pixabay, chart from TradingView
The timing is awful. The breach occurred just hours after its parent company, Dunamu Inc., unveiled a massive $10.3 billion takeover by tech giant Naver Corp.
The timing is awful. The breach occurred just hours after its parent company, Dunamu Inc., unveiled a massive $10.3 billion takeover by tech giant Naver Corp.
About 54 billion won in tokens moved to an external wallet on Nov. 27.
Around 12 billion won in Solaire tokens have been frozen so far.
The breach coincided with Dunamu’s major merger plans with Naver.
Upbit, South Korea’s largest crypto exchange, is carrying out extensive security inspections after an early-morning breach on Nov. 27 led to unauthorised transfers of Solana-linked assets worth about 54 billion won.
The exchange halted all deposits and withdrawals as it began moving digital assets to cold storage and initiated a broader internal review.
The incident has renewed attention on how Solana-based tokens are secured across trading platforms and has placed pressure on Upbit to strengthen systems as the company enters a major corporate transition involving its parent firm, Dunamu.
Solana assets targeted in early transfer
The breach took place at around 4:42 am on Nov. 27 when Solana network assets, including SOL, USDC, and other smaller tokens, were moved to an external wallet without authorisation.
Upbit described the activity as abnormal withdrawals connected to the Solana network.
The exchange confirmed that roughly $37 million worth of digital assets had been affected.
Upbit immediately suspended services to stop further transfers.
It said it has identified the entire scale of the outflow and will fully compensate users by covering the amount with its own holdings.
Customer balances will not be touched as part of the reimbursement process.
To control risk, the exchange transferred assets to cold storage and started a systemwide inspection of its wallet operations, deposit channels, and withdrawal procedures.
These steps were taken to prevent any further unauthorised movement and to contain the situation while teams examined logs and asset flows.
System checks widen beyond the Solana network
Upbit said its investigation will not be restricted to the Solana ecosystem.
It is reviewing the stability and security of the complete deposit and withdrawal infrastructure. This includes a detailed audit of network connections, wallet systems, and digital asset storage methods.
The exchange has begun an emergency sweep of internal processes and is carrying out a full evaluation of whether other networks require additional protections.
Deposits and withdrawals will resume gradually once the inspections conclude and the company is satisfied with system security.
The timing has amplified industry attention.
The breach occurred one day after Dunamu announced plans for a multibillion-dollar merger with Naver’s fintech arm.
The deal, valued at about $10.3 billion, represents one of the largest corporate moves in Asia’s digital finance landscape.
Reports suggest it may support Upbit’s ambitions for a future Nasdaq listing, creating pressure for the company to demonstrate resilience during a sensitive transition.
Freeze efforts expand as authorities prepare response
Upbit has started on-chain measures to track and freeze the affected assets.
It said around 12 billion won in Solaire tokens have already been frozen, and it continues to work with related projects and institutions to stop further movement.
The exchange is tracing the remaining funds through blockchain monitoring tools and coordinating with partners to identify additional freeze points.
Authorities and law enforcement agencies are also expected to join the investigation.
Upbit has prepared to cooperate with official inquiries once they begin and has asked users to report any verified information linked to the suspicious transactions.
The company acknowledged the disruption caused by the suspension of services and repeated that member assets remain protected.
It also stressed that the entire outflow will be covered using the exchange’s own resources.
Major merger plans heighten timing pressure
The breach took place on the anniversary of a major incident in Upbit’s history.
In 2019, on the same date, the exchange lost 342,000 ETH in another high-profile theft.
South Korean investigators later connected the event to North Korean hackers.
The stolen Ether has since increased in value to over $1 billion and remains one of the largest crypto heists associated with the country.
With deposits and withdrawals still paused, Upbit plans to restore services in stages after it completes its full review.
The exchange said its priority is to secure its infrastructure across all supported networks and to strengthen safeguards around Solana-linked assets while recovery and freeze efforts continue.
Naver Financial will acquire Dunamu in a $10.3B stock-swap deal.
The merger now awaits shareholder votes and key regulatory approvals.
If successful, Upbit’s operator will become a wholly owned Naver subsidiary in 2026.
Naver Financial has set the stage for one of South Korea’s largest fintech and crypto-related mergers, unveiling a stock-swap plan to fully acquire Dunamu, the company behind the country’s dominant crypto exchange, Upbit.
Dunamu recently reported 10.4 trillion won in total assets and 4 trillion won in equity, with revenue up 35% and net profit rising 145% year-over-year, cementing its position as one of Korea’s most influential digital asset players.
A landmark stock-swap merger
Naver Financial confirmed that it will absorb Dunamu through a stock-swap transaction valued at approximately 15.1 trillion won, or about $10.3 billion.
To complete the merger, the company will issue 87.56 million new shares to Dunamu shareholders according to a filing made on Wednesday, making the crypto firm a wholly owned subsidiary once the process is finalised.
The exchange ratio, set at 2.5422618 Naver Financial shares for each Dunamu share, was determined through an external discounted cash-flow valuation.
The effective stock exchange date is scheduled for June 30, 2026, though shareholders will vote on the plan earlier, at general meetings set for May 22, 2026.
Investors who oppose the deal will have the option to exercise appraisal rights at a price of 117,780 won per Naver Financial share.
These rights can be exercised from May 22 to June 11, 2026.
However, the deal may be cancelled if appraisal demands exceed 1.1 trillion won combined, unless both parties agree to adjust the cap.
Several regulatory approvals are required
The merger still requires approval from multiple regulators before it can proceed.
The deal must pass a business combination review by the Fair Trade Commission and meet requirements tied to major shareholder changes under the Act on the Use and Protection of Credit Information.
Naver Financial acknowledged in its filings that delays remain possible if any part of the process stalls.
But despite those hurdles, the companies appear confident about the transition.
Naver has said it plans to use the merger to “secure future growth momentum based on digital assets.”
While the firms have not yet mapped out structural changes following the merger, both sides expect closer strategic and operational cooperation.
According to reports shared earlier this year, Naver Financial is preparing to launch a Korean won-backed stablecoin after the merger, though no official timeline has been disclosed.
If confirmed, the move aligns with broader shifts in South Korea, where major banks and policymakers have adopted a more supportive stance toward digital asset innovation.
Notably, the election of President Lee Jae-myung marked a turning point for crypto regulation, and several domestic banks have already announced plans to introduce won-pegged stablecoins by late 2025 or early 2026.
That environment may provide Naver with fertile ground to expand its fintech capabilities and build a digital finance ecosystem that integrates payments, blockchain services, and investment tools.
Naver plans to acquire Dunamu in a KRW 20 trillion stock exchange.
Upbit controls around 70% of Korea’s crypto trading market.
Dunamu’s unlisted shares surpassed KRW 400,000 after the merger news.
South Korea’s crypto and fintech landscape is shifting rapidly as Naver prepares to acquire Dunamu in a landmark stock-swap merger that could reshape the country’s global ambitions.
The deal, expected to move through board approvals next week, places Upbit at the centre of Korea’s broader plan to expand into US capital markets.
The move has also revived momentum around a potential Nasdaq listing, with investors and analysts treating the merger as a structural reset that creates the most favourable environment yet for international expansion.
With market prices already reacting, the development signals a new phase for how Korea aims to position itself within the global crypto-fintech race.
This follows local confirmation that Naver Financial intends to acquire Dunamu through a KRW 20 trillion ($14.5 billion) stock exchange.
Once completed, the deal would make the Upbit operator a fully owned subsidiary of South Korea’s dominant internet group.
The merger would connect Naver’s broad fintech network with Upbit’s roughly 70% share of domestic crypto trading.
This creates a platform capable of operating on an international scale and opens new pathways for Upbit to expand beyond its core market.
The alignment of Naver’s technology reach with Dunamu’s blockchain capabilities is seen as a decisive advantage that supports long-term global integration.
Market signals reflect rising expectations
The financial markets have already responded to the merger’s implications.
Dunamu’s unlisted shares climbed above KRW 400,000 for the first time in more than three years.
Naver stock also surged nearly 20% in the days after news of the acquisition emerged.
These market movements reflect growing confidence that the merged entity will target an eventual entrance into the US capital markets.
Experts note that integrating Upbit under Naver creates a corporate structure that is more familiar to US regulators and therefore more suitable for a potential Nasdaq listing.
Research suggests that a listing could be possible as early as 2026, depending on broader market conditions.
Forecasts place the combined valuation of the Naver–Dunamu entity at around KRW 50 trillion, driven by Naver’s fintech scale and Dunamu’s blockchain infrastructure Giwa.
Upbit’s global momentum comes as competitors adjust their public-market plans.
Bithumb, the second-largest crypto exchange in Korea, has regained about 25% of its domestic market share and is reportedly preparing for its own listing attempt.
A new chapter for Asia’s crypto-fintech growth
If approved, the Naver–Dunamu merger could make Korea the first in Asia to attempt to bring a major crypto exchange to Nasdaq.
The development represents a significant step in the region’s broader move to compete more aggressively in global financial markets.
As Naver and Dunamu prepare to combine their strengths, Upbit is emerging as a central player in the next phase of Korea’s push toward international crypto-fintech leadership.
South Korea shines as a global crypto powerhouse, where technology, finance, and innovation collide to create a thriving digital economy. With over 6 million active traders, nearly 12% of the population, crypto isn’t just an investment trend anymore; it’s becoming a mainstream financial movement.
Backed by cutting-edge blockchain infrastructure, progressive regulations, and a digitally native population, South Korea has built one of Asia’s most vibrant and trusted crypto exchange ecosystems. From first-time investors exploring Bitcoin to Web3 startups launching next-gen platforms, the nation’s crypto scene is buzzing with growth
Let’s dive into the top crypto exchanges in South Korea for 2026 and discover how they’re fueling the country’s next big leap in digital finance, one innovative trade at a time.
Best Crypto Exchanges in South Korea
The crypto market in South Korea is still vibrant, and exchanges in the country are innovative, safe, and accessible. These platforms can be trustworthy trading experiences with good regulatory support, whether you are a beginner or an experienced trader. Here are the most trusted and popular crypto exchanges in South Korea
Upbit
Bithumb
Coinone
Korbit
GOPAX
Huobi Korea
Kucoin
MEXC
Upbit
Upbit leads the South Korean crypto trading market, dominating with the highest trading volume and user base. Fully licensed by the Financial Services Commission (FSC), it’s a benchmark for transparency, trust, and compliance. With a clean interface, KRW markets, and powerful trading tools, Upbit continues to stand tall among the largest crypto exchange platforms in South Korea.
Key Features
Largest exchange by market share and KRW trading volume
Certified under ISMS-P and ISO/IEC 27001 for data security
Offers a wide range of tokens and NFT trading options
Seamless mobile app and real-time analytics for traders
Best For
South Korean investors seeking a secure, high-liquidity exchange
New and pro traders looking for regulated local platforms
Bithumb
Founded in 2014, Bithumb is one of the oldest and most reputable exchanges in South Korea. It has earned investor trust through transparency, stable banking integration, and a proven security framework. Known for its deep liquidity and large trading volumes, Bithumb remains a go-to exchange for serious traders.
Key Features
High liquidity in leading assets like BTC, ETH, and XRP
Competitive trading fees and quick KRW settlement
Insurance-backed protection for user assets
Real-time trading data and professional charting tools
Best For
Institutional and high-volume traders need deep liquidity
Long-term investors prioritize security and reliability
Coinone
Coinone is one of the best crypto exchanges in South Korea due to its high compliance and security-first policy. It has an easy-to-use interface and is easy to integrate with KRW, which makes it suitable with individuals and startups. The transparency of the platform has ensured that the platform is trusted in the long run in the market.
Key Features
Fully regulated under South Korean AML and KYC guidelines
Offers diverse crypto pairs, DeFi tokens, and staking options
Real-time portfolio monitoring and KRW wallet integration
Clean interface and excellent mobile usability
Best For
Startups and fintech investors seeking regulated trading platforms
Korbit is the first South Korean crypto exchange, which was launched in 2013, and is a leader in the field of blockchain adoption. It integrates conventional finance ethics and digital innovation. Supported by Nexon Group, Korbit provides users with a secure and regulatory access to digital assets and education-oriented trading platforms.
Key Features
Korea’s first licensed and regulated exchange
Offers NFTs, DeFi tokens, and educational resources
Reliable cold wallet storage and two-factor authentication
Backed by a strong corporate infrastructure via Nexon Group
Best For
Beginners entering Korea’s crypto market with education support
NFT and DeFi enthusiasts exploring innovative asset options
GoPax
GoPax is gaining attention as one of the most promising crypto exchanges in South Korea, emphasizing transparency and accessibility. Recently linked to Binance, it combines global liquidity with local trust. GoPax appeals to retail traders and institutions alike with its modern interface and solid compliance.
Key Features
Fully compliant with FSC and AML regulations
Integrated KRW deposits with local bank partnerships
Offers staking, DeFi, and yield programs
Backed by Binance for liquidity and scalability
Best For
Retail traders seeking a simple, modern crypto experience
Institutions preferring regulated platforms with DeFi options
Huobi Korea
Huobi Korea extends the strength of Huobi Global’s liquidity into South Korea’s regulated market. It caters to professional traders with high-volume features while maintaining Korean-language support and local compliance.
Key Features
Access to Huobi Global’s deep liquidity pools
Institutional-grade trading tools and margin features
Multi-layered security and KYC compliance
24/7 Korean-language customer support
Best For
Professional traders seeking advanced tools and liquidity
Enterprises operating in both local and global markets
KuCoin
While globally headquartered, KuCoin has built a significant user base in South Korea. Its intuitive design, vast token listings, and competitive fees make it one of the most popular global exchanges used by Korean traders.
Key Features
700+ listed cryptocurrencies and altcoins
Low trading fees and a smooth user interface
Supports futures, margin, and P2P trading
Staking and yield programs for passive income
Best For
Altcoin enthusiasts seeking diverse investment opportunities
Global investors connecting with Korea’s trading community
MEXC
MEXC is rapidly becoming a favorite in the South Korean trading market, offering fast order execution and extensive altcoin access. Its strong performance and easy navigation make it appealing to both day traders and professionals.
Key Features
High-speed trading engine and low fees
Wide range of altcoins and derivative instruments
User-friendly mobile and desktop platforms
Integration with Korean fiat gateways
Best For
Day traders need fast execution and flexibility
Altcoin investors seeking new market opportunities
Why Launch Your Crypto Exchange In South Korea?
Starting a crypto exchange in South Korea is a strategic move for entrepreneurs looking to tap into one of the most advanced and active digital economies in the world.
1. High Crypto Adoption
Millions of South Koreans trade cryptocurrencies daily, contributing to one of the world’s most active retail trading environments. This consistent engagement ensures deep liquidity and reliable trading volumes across local exchanges.
2. Tech-Savvy Population
South Koreans are early adopters of technology, from mobile payments to online gaming. The phenomenon of crypto trading has been integrated into the daily life of financial activity due to the high penetration of smartphones and the level of digital literacy
3. Stable Regulations
Cryptocurrency exchanges are enforced with strict compliance standards by the Financial Services Commission (FSC). The entrance to the market is not easy, but the people who achieve these criteria receive high credibility and user trust.
4. Strong Digital Infrastructure
South Korea has one of the most stable and fastest internet networks in the world, which facilitates smooth crypto trading practices. This system enables both the retail traders and the institutional traders to conduct high-speed and secure transactions
5. Growing Blockchain & Startup Ecosystem
The Korean startup scene is booming, from NFTs to DeFi projects. Most of these projects are based on local exchange launches of tokens, fundraising, and community development, which continue to enlarge the digital finance ecosystem in the country.
Key Factors Driving Crypto Exchange Growth in South Korea
1. Regulatory Compliance & Licensing
Exchanges have to be registered by the Financial Services Commission (FSC) and meet the regulations of the KYC/AML. Complete regulation will create investor confidence and leverage, which will provide a long-term stability of operation in the Korean market.
2. Banking Partnerships & KRW Integration
To support KRW trading pairs, exchanges need real-name banking partnerships. Secure fiat gateways with major banks like Shinhan and NongHyup enhance credibility and enable smooth deposits and withdrawals.
3. Data Security & Compliance Standards
Korea has stringent cybersecurity regulations under PIPA. Transactions should be certified in ISMS or ISO/IEC 27001 and protect user information, wallets, and the transparency of transactions.
4. Market Competition & User Trust
New exchanges need to be innovative since Upbit and Bithumb are the leading ones. Better UI, reduced fees, or other incentives such as access to DeFi can be used to attract traders and create loyalty.
5. Cultural & Market Adaptation
The Korean users are concerned with speed and mobile accessibility, and support of their native language. Delivering a seamless trading experience, a well-developed community, and culturally balanced marketing will assist the exchanges in gaining trust and relationships over the long-term use of the product in this highly dynamic market environment.
To Conclude
South Korea has become a major hub for digital assets, blending innovation, regulation, and high trading activity. For entrepreneurs, launching a crypto exchange here means huge growth potential. With strong regulations, advanced technology, and an active user base, the market is ready for new entrants. A secure, compliant, and localized exchange can help tap into Korea’s thriving digital economy. Partnering with a reliable cryptocurrency exchange development companymakes it easier to build or upgrade your platform while staying compliant, helping you stand out in South Korea’s fast-growing and competitive crypto landscape.
Login
