Upbit Deletes All Old Deposit Addresses After 44.5 Billion KRW Hack

South Korea’s largest crypto exchange Upbit is making one of its biggest security resets ever. The exchange has deleted every old deposit address on its platform. Users now must generate new addresses before making any deposits.

This move doesn’t come lightly. It follows the Nov. 27 security breach where hackers managed to drain about 44.5 billion KRW worth of assets linked to the Solana network. Upbit isn’t simply patching a hole. It’s rebuilding the walls.

A Forced Reset After A Deep Security Breach

Upbit isn’t calling this a simple maintenance update. It’s a full structural reset.

On Nov. 27, hackers didn’t just exploit an on-chain error. They broke into Upbit’s internal withdrawal operation process . That’s the part of the system that manages addresses, approvals, and actual outbound fund movements.

Once attackers touch the wallet-management layer, the old addresses become unsafe , even if the keys themselves weren’t leaked. The pipelines that control those addresses were exposed.

So Upbit chose the only option that eliminates the risk entirely:

• Delete all old deposit addresses.
• Shut down every old pipeline.
• Deploy a completely new address-management infrastructure.

Users must now generate fresh deposit addresses. Anything sent to old ones will not be recognized. The reset is absolute.

Deposits And Withdrawals Come Back In Phases

Upbit says deposits and withdrawals will reopen gradually.

Starting Dec. 5 at 17:00 KST , the exchange will begin restoring functionality for:

•  33 assets  
•  21 networks

The rollout will happen in phases. Not everything returns at once. The measured timing signals that Upbit has completed most of its internal wallet checks but is still testing how the new architecture behaves in live conditions.

A staggered reopening also gives the engineering team room to monitor volumes, observe patterns, and confirm that no irregularities resurface.

This is the kind of security posture an exchange adopts after a real scare , one where the attackers didn’t just steal funds, but touched the deeper system logic.

Why The Complete Address Wipe Was Necessary

Most users first wondered: Why delete all old addresses? Why couldn’t Upbit simply freeze withdrawals or rotate keys?

The answer is simple:

• The attack wasn’t about the blockchain. It was about Upbit’s internal processes.

The vulnerability existed in the operational layer, not at the protocol level. When hackers reach the infrastructure that manages address routing, the entire mapping system becomes untrustworthy. Even if the addresses themselves still work, the internal logic controlling them might have been compromised.

So Upbit acted decisively:

• Reset everything.  
• Cut off compromised routes.  
• Shut down every legacy configuration.  
• Rebuild the address system from scratch. 

This is the safest approach exchanges take when their internal wallet-management layers are breached. It prevents repeat attacks, hidden exploits, or slow-acting vulnerabilities that could remain in the system.

Full Compensation Remains In Place

Despite the 44.5 billion KRW loss, Upbit says it still commits to full compensation.

The exchange has a long-standing reputation in Korea for covering user losses from hacks or operational failures. This incident hasn’t changed that stance. For users, it’s a crucial reassurance, especially in a market where security breaches have historically caused massive trust drops across exchanges.

Compensation also stabilizes sentiment. Users know their balances are safe. The main disruption is procedural , not financial.

Korea’s Altcoin Market Prepares For Impact

While Upbit’s reset is primarily a security measure, it will also trigger market consequences , especially in Korea’s altcoin-heavy retail environment.

When Upbit froze deposits and withdrawals after the breach, it unintentionally created price distortions. Small-cap Solana-based tokens pumped as liquidity dried up.

With no new tokens entering the exchange, supply shrank while demand stayed high. Korean traders often jump quickly into arbitrage gaps, amplifying the price moves.

But once Upbit reopens wallets for those assets:

•  Liquidity returns.
•  Arbitrage flows normalize.
•  Prices converge with global averages.

The sharp local premiums on low-cap Solana tokens will almost certainly fade. FOMO-driven price gaps disappear the moment users can deposit again. Tokens that saw isolated pumps in the Korean market may retrace sharply.

This is a common pattern in Korea:

Freeze deposits → supply drops → altcoins pump → reopening crashes the premium.

Users holding those tokens should brace for normalization.

What Users Must Do Now  

The most important action is simple:

• Generate new deposit addresses. Immediately.

Upbit will not support deposits to old addresses. If users mistakenly send funds to deleted addresses, those deposits likely cannot be recovered.

Users should:

•   Open the Upbit app or web account
•   Navigate to their wallet page
•   Generate new deposit addresses for each asset they hold
•   Wait for Upbit’s phased reopening schedule before transferring
•   Double-check network type before sending any tokens

This reset isn’t optional. Every user’s old address is now invalid.

A New Security Era For Upbit  

Deleting all deposit addresses isn’t a small move. It is a full architectural overhaul. It shows Upbit isn’t trying to fix one hole , it is rebuilding the entire hallway where those holes formed.

The exchange appears committed to:

•   Hardening its wallet infrastructure
•   Restoring user confidence
•   Eliminating any lingering exposure
•   Ensuring no repeat of the Nov. 27 breach

With the phased reopening beginning Dec. 5, Upbit steps into a new security framework. Users adapt. Markets reset. Low-cap tokens stabilize. And Korea’s largest exchange signals that security resets are sometimes more important than convenience.

Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.

Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!