Binance has strongly rejected claims from South Korean investigators that the exchange was slow to act or only partially complied with requests to freeze funds connected to last month's $30 million Upbit hack.
Binance's Defense:
- A spokesperson for Binance asserted that suggestions of a delayed or limited response are "unsubstantiated and inaccurate."
- The exchange claims its security teams "immediately took action" to identify the incident, freeze related transfers, and mitigate further movement of funds.
- Binance emphasizes that it continues to work closely with law enforcement.
Authorities' Allegations:
- South Korean investigators reportedly claimed that only about 17% of the assets flagged for freezing were ultimately locked down by Binance.
- Authorities allege that the hackers behind the November 27 breach moved quickly, dispersing stolen funds across over a thousand wallets within hours, complicating recovery efforts through methods like chain hopping and token swaps.
- Specifically, Upbit and police requested an immediate freeze on approximately $370,000 (470 million won) in Solana tokens that reached Binance. However, only about $75,000 (80 million won) was reportedly frozen, with Binance allegedly citing a need for additional verification.
Upbit's Security Response:
- In response to the theft of $30 million from its Solana hot wallet, Upbit is dramatically enhancing security by moving nearly all customer assets (99%) into cold storage (offline wallets).
- This measure far exceeds South Korea’s legal requirement of 80% offline storage, effectively reducing its hot wallet exposure to zero.
Ongoing Investigation:
- South Korean authorities have launched an investigation, with early intelligence reports allegedly connecting the intrusion to North Korea’s Lazarus Group.
December 2025, Cryptoniteuae