Cold wallets keep funds offline and better protected, though they’re slower to use. Hot wallets, on the other hand, stay online for quick transactions but are much more vulnerable to attacks.
South Korea’s biggest crypto exchange, Upbit, is moving nearly all customer funds into cold storage after a major breach of one of its Solana hot wallets — marking one of the most dramatic security overhauls by a major trading platform to date.
Operator Dunamu announced that it will raise the share of user assets kept in cold wallets to 99% and reduce hot wallet exposure to virtually zero. The move comes after hackers stole 44.5 billion won (around $30 million) from a connected wallet.
This shift pushes Upbit far beyond the requirements of South Korea’s Virtual Asset User Protection Act, which mandates that exchanges store at least 80% of customer deposits offline.
Upbit Slashes Hot Wallet Usage Following Security Audit
Cold wallets keep digital assets offline, making them much more secure but slower to move. Hot wallets, on the other hand, stay online to handle deposits and withdrawals instantly — but that convenience comes with far greater vulnerability.
For everyday traders, raising the cold-storage ratio to 99% means that only a tiny fraction of Upbit’s assets would ever be exposed if another hot wallet breach occurred.
Dunamu revealed that as of the end of October 2025, Upbit already held 98.33% of customer assets in cold wallets and 1.67% in hot wallets. Even before the hack, this was the lowest hot wallet ratio among Korean exchanges, where most competitors kept between 82% and 90% of assets offline, according to data from lawmaker Heo Young.
Upbit says it maintained cold storage above 98% despite rising crypto prices and heavy inflows from new listings. After completing a full review of its wallet systems, the company is now pushing its hot wallet exposure down to zero.
Solana-Linked Attack Triggered Emergency Response
This overhaul follows a Solana-related hack initially estimated at 54 billion won (around $36 million). After reviewing the incident, Upbit revised the loss estimate to 44.5 billion won.
According to the exchange, roughly 38.6 billion won (about $26.2 million) accounts for direct user losses — all of which Upbit says it will fully reimburse from its own reserves.
The stolen tokens included Solana’s SOL as well as ORCA, RAY, and JUP. After spotting abnormal withdrawals, Upbit froze activity, moved remaining assets to cold wallets, and launched a forensic review of its systems and on-chain movements.
Engineers reportedly identified a flaw in the wallet software that might have allowed attackers to infer private keys using publicly available blockchain data. Upbit did not confirm whether that vulnerability was directly exploited, but its sweeping shift away from hot wallets suggests the company now views hot wallet exposure itself as a systemic risk — not just a technical glitch that can be patched.
New Standards Could Force Exchanges to Compensate Users After Hacks
The incident is already influencing regulatory discussions. South Korea’s Financial Services Commission is exploring new rules that would impose bank-level liability on major crypto exchanges. Under the proposals, platforms would have to compensate users for hacks or system failures — even if the exchange was not at fault — mirroring obligations banks and e-payment providers already face under the country’s electronic financial transactions law.
If adopted, these rules would force exchanges to strengthen both their security and their financial buffers, bringing them closer to traditional financial institutions.
Upbit’s decision to place nearly all user funds in cold storage signals how far a leading exchange is now willing to go to reassure customers that their assets won’t be left sitting online as easy targets for hackers.
