Assets
Crypto Deposit
Fiat Deposit
Convert
Transfer
Withdraw
My vouchers
Fund history
Dashboard
Account Security
Identity verification
API Management
Transaction Report
Log out
Register
BTCC / BTCC Square / Cryptopolitan /
Upbit Cuts Legacy Deposit Addresses in Major Security Overhaul

Upbit Cuts Legacy Deposit Addresses in Major Security Overhaul

Author:
Cryptopolitan
Published:
2025-12-05 10:56:42
13
1

Upbit removes old deposit addresses to protect users

South Korea's crypto giant Upbit just pulled the plug on old deposit addresses. The move? A preemptive strike against user funds getting siphoned to outdated wallets.

Why the Clean Sweep?

Think of a deposit address like a numbered bank account. Leave it active too long, and the risk of it being compromised or forgotten skyrockets. Upbit's purge targets these dormant vectors before bad actors do. It's a forced upgrade for your security—no choice, no notice for addresses past their prime.

The Industry's Silent Standard

This isn't innovation; it's hygiene. Major exchanges quietly cycle addresses, treating permanent ones as a liability. Upbit just made the process public and mandatory. They're not leading the charge—they're enforcing a basic standard other platforms keep in the fine print.

User Impact: Zero-Day Compliance

Got an old Upbit address saved in your ledger or a trading bot? It's now a dead end. Any funds sent there post-purge are lost in the blockchain void—no reversals, no customer service ticket to fix it. The responsibility shifts entirely to the user to fetch a fresh address for every deposit. Convenience takes a backseat to security, a trade-off that would give traditional finance compliance officers a migraine.

Upbit's move is a stark reminder: in crypto, you're your own custodian, even when using a centralized exchange. They'll change the locks, but you're the one who must remember not to mail a check to your old apartment. It's the kind of user protection that feels a lot like tough love—or a clever way to offload liability while sounding like a hero. After all, what's a better shield against support tickets than making lost funds the user's fault?

Upbit implements new measures after Solana exploit

Upbit claimed that new deposit addresses are needed for all digital assets due to security vulnerability improvements. Deposits and withdrawals of digital assets that were suspended for various reasons prior to the inspection may remain suspended until the issue is resolved.

The exchange stated that once the target service’s stability has been verified, any staking requests, NFT deposits, and withdrawals supported by the network or digital asset will be resumed.

As previously reported by Cryptopolitan, the platform initially suspended all its services on November 27 due to a security breach that resulted in the unauthorized withdrawal of approximately 54 billion Korean won ($36.8 million). The attackers stole SOL, USDC, and more than 20 other Solana-based tokens like BONK, JUP, RAY, ORCA, RENDER, PYTH, and TRUMP.

The incident took place the day after Naver Financial announced that it WOULD acquire Dunamu, the parent company of Upbit, for 15.1 trillion won ($10.3 billion) in an all-stock merger that was scheduled to be finalized in June 2026.

To prevent any losses, Upbit promptly suspended all deposits and withdrawals on its platform and transferred any remaining assets to cold storage. In addition to successfully freezing $8.18 million worth of LAYER tokens, the exchange continues to collaborate with authorities and projects to freeze further stolen funds.

Oh Kyung-seok, CEO of Upbit, stated that the exchange will use its own reserves to cover the whole sum, guaranteeing that no customer would suffer personal losses.

North Korean Lazarus group linked to Upbit hacks

Upbit has been hacked before. In 2019, the Lazarus Group was suspected of stealing 58 billion won worth of ethereum from Upbit. A further inquiry came to the tentative conclusion that the Lazarus Group and other North Korean state-backed units were responsible for the attack.

Notably, the recent breach happened on November 27, the same day as the 2019 hack. 

According to South Korean government officials, the hackers either gained access to administrator accounts or impersonated administrators to approve the transfers. Blockchain analysis reveals that the hacker’s wallet converted Solana to USDC before bridging the cash to the Ethereum network, in what appears to be an effort to conceal the trail.

Immunefi, a blockchain security platform, revealed that Lazarus was responsible for more than $300 million in losses from cryptocurrency hacking incidents in 2023, accounting for 17.6% of all losses.

Over the past decade, the Lazarus Group has been responsible for some of the largest hacks, particularly in the rapidly growing cryptocurrency sector. According to Immunefi, Lazarus began focusing on cryptocurrency protocols after initially gaining notoriety for its 2014 cyberattack on Sony Pictures. 

In March 2023, the Lazarus hacked Ronin Network, a bridge utilized by the well-known Web3 game Axie Infinity, and stole around  $600 million. Lazarus also conducted the cyber heist on the Central Bank of Bangladesh in 2016, resulting in $81 million in losses.

According to blockchain analysis company Elliptic, hackers employed by the North Korean government have taken over $2 billion in cryptocurrency so far this year.

On October 7, Elliptic published a blog post with new forecasts, stating that the firm’s data “shows the largest annual total on record, with three months still to go,” and is based on more than 30 hacks in 2025.

Sharpen your strategy with mentorship + daily ideas - 30 days free access to our trading program

|Square

Get the BTCC app to start your crypto journey

Download on the App Store GEI IT ON Google Play

Get started today Scan to join our 100M+ users

Exchange for a better future

Products
Services
Guides
About Us
Terms & Agreement
Customer Service

Risk warning: Digital asset trading is an emerging industry with bright prospects, but it also comes with huge risks as it is a new market. The risk is especially high in leveraged trading since leverage magnifies profits and amplifies risks at the same time. Please make sure you have a thorough understanding of the industry, the leveraged trading models, and the rules of trading before opening a position. Additionally, we strongly recommend that you identify your risk tolerance and only accept the risks you are willing to take. All trading involves risks, so you must be cautious when entering the market.

The world’s longest-running cryptocurrency exchange since 2011 © 2011 - 2025 BTCC.com. All rights reserved

All articles reposted on this platform are sourced from public networks and are intended solely for the purpose of disseminating industry information. They do not represent any official stance of BTCC. All intellectual property rights belong to their original authors. If you believe any content infringes upon your rights or is suspected of copyright violation, please contact us at [email protected]. We will address the matter promptly and in accordance with applicable laws.BTCC makes no explicit or implied warranties regarding the accuracy, timeliness, or completeness of the republished information and assumes no direct or indirect liability for any consequences arising from reliance on such content. All materials are provided for industry research reference only and shall not be construed as investment, legal, or business advice. BTCC bears no legal responsibility for any actions taken based on the content provided herein.