Upbit Data Breach: 104 Billion Coins Drained in 54 Minutes During November Cyber Attack

South Korean crypto exchange Upbit lost approximately 104.06 billion coins—worth roughly 44.5 billion won ($30.2 million)—in a single cyber breach lasting just 54 minutes, according to data from the Financial Supervisory Service disclosed by Rep. Kang Min-kuk of the National Assembly's Political Affairs Committee.

The breach occurred between 4:42 a.m. and 5:36 a.m. on November 27, with stolen funds transferred to unknown external wallets at a rate of roughly 32 million coins per second—equivalent to 13.7 million won in value lost every second. Analysis of the stolen assets reveals Bonk (BONK) tokens dominated the haul: 103.12 billion BONK coins were drained, representing 99.1 percent of the total volume by count, though the per-token valuation remains significantly lower than other major cryptocurrencies.

The incident has intensified scrutiny on Upbit's security infrastructure and the broader vulnerabilities of cryptocurrency exchanges operating under South Korean regulatory oversight. The scale and speed of the breach raise questions about detection lag times and whether existing safeguards met the demands of modern exchange operations handling billions in daily volume. Regulators are likely to face pressure to reassess compliance requirements and audit protocols for domestic crypto platforms. Upbit, one of South Korea's largest digital asset exchanges, now confronts potential fallout including user trust erosion, regulatory probes, and possible compensation obligations as the investigation into the breach continues.