The cryptocurrency world was rocked on November 27, 2019, when South Korean exchange Upbit confirmed that hackers had stolen 342,000 Ethereum (ETH) tokens — worth approximately $50 million at the time — from its hot wallet in a single, brazen attack.
TL;DR
- 342,000 ETH (roughly $49–50 million / 58 billion won) stolen from Upbit’s Ethereum hot wallet
- Funds moved to unknown wallet address at 1:06 PM KST on November 27, 2019
- Exchange immediately transferred remaining assets to cold storage
- Deposits and withdrawals suspended for at least two weeks
- Upbit CEO Lee Seok-woo pledged full compensation from corporate assets
The Attack: What Happened
At exactly 1:06 PM Korean Standard Time on November 27, 2019, a massive unauthorized transfer of 342,000 ETH was initiated from Upbit’s Ethereum hot wallet. The tokens — valued at approximately 58 billion Korean won, or roughly $49 million based on the ETH price of around $144 at the time — were moved to an unknown wallet address: 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.
The transfer was detected almost immediately. Members of the crypto community spotted the abnormal movement through blockchain monitoring tools before Upbit even issued its official statement. Whale Alert and independent blockchain analysts flagged the suspicious outflow, with some initially wondering whether it was an internal transfer or whale movement.
Upbit’s Immediate Response
Lee Seok-woo, CEO of Dunamu — the company that operates Upbit — released an official notice on the exchange’s website confirming the breach. The response was swift and multi-pronged:
First, all remaining cryptocurrency held in Upbit’s hot wallets was immediately transferred to cold wallets — hardware-based, offline storage that is significantly more resistant to remote attacks.
Second, all deposit and withdrawal services were suspended indefinitely. The exchange estimated that it would take at least two weeks before normal operations could resume, promising to update users as the situation developed.
Third, and perhaps most critically for the exchange’s users, Upbit pledged to fully cover all losses using its own corporate assets. “Upbit will cover the amount transferred to unknown wallets,” the official statement read, reassuring customers that their individual balances would not be affected.
Industry Response and Cross-Exchange Coordination
The hack sent immediate shockwaves through the cryptocurrency market. Bitcoin’s price dropped roughly $200 within hours of the news breaking, reflecting the broader market’s sensitivity to major exchange security incidents.
Changpeng Zhao (CZ), CEO of Binance, publicly offered assistance via social media, stating: “We will work with Upbit and other industry players to ensure any hacked funds that may make their way to Binance are immediately frozen.” This cross-exchange cooperation is a standard but crucial response to major hacks, as it attempts to prevent the stolen funds from being laundered through other platforms.
Context: Exchange Hacks in 2019
The Upbit hack was one of several high-profile exchange breaches in 2019. Earlier in the year, Binance itself had lost $40 million in Bitcoin when hackers compromised user API keys. The string of incidents highlighted persistent vulnerabilities in centralized exchange infrastructure, particularly around hot wallet management.
At the time of the hack, ETH was trading at approximately $144, while Bitcoin hovered around $7,100 — itself under pressure from a broader market sell-off driven by China’s renewed crackdown on cryptocurrency activities. The Upbit incident compounded an already difficult week for crypto markets.
Why This Matters
The Upbit hack underscored several critical issues that remain relevant to this day. Hot wallets, while necessary for exchange liquidity, remain prime targets for sophisticated attackers. The incident also demonstrated the importance of exchange solvency — Upbit’s ability to cover $50 million in losses from corporate assets was a meaningful signal of institutional resilience. For users, it was yet another reminder that centralized exchanges, no matter how large or reputable, carry custodial risk. The push for decentralized alternatives and self-custody solutions gained further momentum in the months that followed.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments carry significant risk. Always conduct your own research before making investment decisions.
342k ETH gone in one transaction and nobody caught it until after. hot wallets in 2019 were basically treasure chests with the key under the doormat
Dae-Ho Korean exchanges in 2019 were running like 2014 infrastructure. upbit was the biggest and still had 342k ETH in a single hot wallet address
jangmi_k exactly right. korean regulators fined upbit for poor security just months before the hack. nobody listened
Dae-Ho K. fact, korean exchanges in 2019 were basically running on fumes. bithumb got hit like 3 times that same year and nobody cared
Lee Seok-woo personally covering $50M from corporate assets is wild. try getting that from any exchange CEO today
true, but the fact that 342k ETH was sitting in a hot wallet at all is the real scandal. mt gox taught everyone nothing
2019 korean exchanges were still running infrastructure that wouldnt pass a basic security audit. multi-sig custody was barely a concept there
mt gox lost 850k BTC from cold storage failures. upbit lost 342k ETH from a hot wallet. the industry keeps learning the same lesson
Gaspar M mt gox was cold storage failures but upbit was pure hot wallet negligence. different failure mode same result. user funds gone
342k eth at $144 each. that same stash is worth over a billion now. the hacker basically won the lottery by accident
Lee Seok-woo covering $50M from corporate assets is the only reason upbit survived. without that guarantee it would have been another mt gox
personal guarantees from exchange CEOs used to mean something. post-ftx that social contract is completely dead