Crypto Journalist
Amin Ayan
Share
Korean authorities say Binance froze only a small portion of the crypto stolen during last month’s Upbit hack, despite an urgent request from police and the exchange to halt the movement of illicit funds.
Key Takeaways:
- Binance froze only 17% of the stolen Upbit funds despite an urgent request from police and the exchange.
- Hackers used complex laundering tactics across multiple chains, with most funds eventually reaching Binance service wallets.
- Korean experts say faster, coordinated freeze mechanisms are needed to limit losses in future attacks.
According to investigators, only 17% of the assets flagged for freezing were actually locked down, local news outlets reported on Friday.
Security analysts tracking the breach say the hacking group behind the attack used an elaborate laundering strategy on the morning of November 27, quickly scattering the stolen assets across more than a thousand wallets.
Binance Froze Only 17% of Upbit Hack Funds
The attackers repeatedly broke the funds into smaller portions, moved them through multiple chains, and relied on token bridges and swaps to obscure the trail.
Most of the laundered assets eventually landed in service wallets on Binance, authorities said.
Upbit and police requested an immediate freeze on roughly 470 million won (about $370,000) worth of Solana confirmed to have hit Binance.
However, the exchange froze only 80 million won (about $75,000), saying it needed additional verification before taking broader action.
The freeze was confirmed around midnight on the day of the incident, roughly 15 hours after the original request.
When questioned by Korean broadcaster KBS about the limited scope of the freeze and the delay, Binance declined to address specifics, citing its policy around active investigations.
The exchange said only that it “continues to cooperate with the relevant authorities and partners in accordance with appropriate procedures.”
That explanation has not satisfied experts in South Korea. Cho Jae-woo, director of Hansung University’s Blockchain Research Institute, argued that rapid intervention is essential to minimize losses.
“To prevent damage from hacking, a swift initial freeze is essential, but exchanges often cite litigation risks as an excuse for being hesitant,” he said.
He added that the industry should consider establishing a global emergency hotline between exchanges or a coordinated body empowered to impose immediate freezes in crisis situations.
Investigators say most of the stolen assets have since been converted from Solana to Ethereum, a move likely aimed at improving liquidity given Ethereum’s deep markets.
Upbit Moves 99% of Customer Assets to Cold Storage After $30M Hack
As reported, Upbit is shifting nearly all customer assets into cold storage after hackers stole 44.5 billion won (about $30 million) from its Solana hot wallet, marking one of the strongest security responses yet by a major exchange.
Operator Dunamu said the platform will raise its cold wallet ratio to 99% and reduce hot wallet exposure to effectively zero, far above South Korea’s legal requirement that 80% of user funds be stored offline.
The exchange already held 98.33% of assets in cold storage at the end of October, the highest among domestic platforms, but accelerated its overhaul following the breach.
Meanwhile, South Korean authorities have launched an investigation, and local reports have cited early intelligence assessments that allegedly connect the intrusion to North Korea’s Lazarus Group.
