Upbit Hack Tied To Nonce Bias In Solana Transactions Says Korean Expert

TLDR

• A Korean expert says nonce bias in Solana signatures exposed Upbit private keys.
• Attackers reviewed millions of Upbit transactions to detect cryptographic flaws.
• The breach hit both Upbit’s hot wallets and user deposit wallets, records show.
• Upbit froze withdrawals and moved funds to cold wallets after detecting the attack.

A South Korean expert has claimed that the recent Upbit security breach was caused by a sophisticated cryptographic flaw, not a basic system vulnerability. The exploit reportedly targeted weaknesses in the generation of nonces used to sign Solana blockchain transactions, allowing attackers to deduce private keys.

Professor Jaewoo Cho from Hansung University said the breach stemmed from predictable patterns in Upbit’s signing process. Instead of a simple compromise of wallet keys, attackers likely used advanced statistical analysis across millions of blockchain signatures.

Security Flaw Traced to Biased Nonce Patterns

Upbit’s parent company, Dunamu, confirmed the presence of a vulnerability that allowed private keys to be exposed through blockchain data. CEO Kyoungsuk Oh publicly apologized and said the company had acted quickly to contain the threat.

Professor Cho explained that the attackers likely exploited biased or insufficiently random nonces—values used in each digital signature—to uncover private keys. “This is not about simple reuse,” he said, referring to common ECDSA flaws. “It’s about slight statistical biases detectable at scale.”

Cryptographic research published in 2025 shows that when attackers find related or affine nonces in ECDSA, even minimal patterns can lead to key recovery. In Upbit’s case, Solana’s signature structure was used in a way that exposed such vulnerabilities.

Attackers Gained Access to Multiple Wallet Types

Blockchain analysis suggests that both hot wallets and individual deposit wallets were affected by the attack. These wallets use different security systems, but compromised signing processes may have allowed access to all of them.

Some researchers believe the sweep-authority keys were also affected, meaning attackers could move funds from multiple deposit addresses. Upbit responded by halting deposits and withdrawals and transferring remaining funds to cold wallets.

According to internal reports, the company will cover user losses from its reserves. Investigators have not confirmed if any state-sponsored groups were involved, although the complexity of the attack suggests a highly organized team.

Industry Risks and Internal System Review

Following the breach, Upbit began reviewing its internal wallet infrastructure, including hardware security modules (HSMs) and multi-party computation (MPC) systems. Experts say the attackers required extensive resources to analyze millions of transaction signatures, suggesting strong planning and technical skills.

Some cybersecurity researchers have pointed out that similar patterns were seen in the 2019 Upbit breach, which was linked to North Korean groups. This new incident occurred on the sixth anniversary of that attack, raising questions among online users about possible coordination or internal lapses.

Community concerns grew as some speculated about insider involvement, especially as the hack took place during a major corporate merger involving Dunamu and Naver Financial.

Nonce Bias Presents New Challenge for Crypto Exchanges

The Upbit breach underlines a growing challenge for exchanges using ECDSA-based signatures. While the cryptographic system itself is secure, weak or predictable nonce generation can compromise it.

“Even minor randomness issues can leak critical information,” said Professor Cho. Research shows that only two signatures with related nonces may expose a private key. Exchanges must now reassess how they handle key signing to avoid similar issues.

Upbit has not shared the total amount stolen, but blockchain data suggests millions of dollars in digital assets may have been affected.

The post Upbit Hack Tied To Nonce Bias In Solana Transactions Says Korean Expert appeared first on CoinCentral.