Rewrite the
Hackers laundered stolen Upbit funds through thousands of wallets before moving most assets into Binance-hosted service wallets.
Binance, the world’s largest cryptocurrency exchange, reportedly complied with only a fraction of a freeze request from South Korean police following a major hack of competitor Upbit in late November 2025.
The limited cooperation has ignited criticism from industry experts, who argue that slow responses from major platforms undermine collective security.
A Delayed and Partial Freeze
On the morning of November 27, 2025, hackers breached Upbit, stealing a significant sum of cryptocurrency. As reported by KBS News, the stolen funds were laundered through a complex process involving over a thousand wallets, with “bridges” and “swaps” used to obscure their trail. Most of the laundered assets eventually flowed into third-party service wallets hosted on Binance.
That same day, South Korean police and Upbit formally requested Binance to freeze approximately 470 million won worth of stolen Solana (SOL) tokens that had been traced to its platform.
According to the KBS report, Binance froze only about 80 million won, which is roughly 17% of the requested amount, citing a need for further fact-checking. The exchange notified authorities that the freeze was complete around midnight on November 27, approximately 15 hours after the initial request.
Speaking to CryptoPotato, a Binance spokesperson said:
Reports suggesting delayed response or partial action by Binance are inaccurate. Binance’s security and investigations teams identified the incident and immediately took action to assist in freezing related transfers and mitigating further movements.
We have been working closely with local law enforcement and relevant parties on the matter, and continue to monitor the situation closely and provide support as needed.
Any suggestion that we did not take prompt or effective actions are therefore unsubstantiated and inaccurate. We remain committed to cooperating with relevant authorities and partners wherever appropriate.
Broader Scrutiny on Exchange Security and Compliance
This incident has happened against a backdrop of heightened scrutiny on how major exchanges handle illicit fund flows. A major investigative report published by the International Consortium of Investigative Journalists (ICIJ) last month revealed that criminal entities, including North Korean hackers and scam networks, routinely use top exchanges to move funds. The investigation noted that significant sums flowed through Binance and other platforms even while they were under court-appointed monitors following major legal settlements.
You may also like:
Separately, on December 11, 2025, Binance co-founder Changpeng “CZ” Zhao alerted users that co-CEO Yi He’s WeChat account had been hijacked to promote a fraudulent meme coin, a pump-and-dump scheme that netted scammers around $55,000.
This pattern has prompted calls for systemic reform, with Cho Jae-woo, director of the Blockchain Research Institute at Hansung University, telling KBS that rapid freezes are essential to minimize hacking damage but exchanges often act passively, citing litigation risks.
He suggested establishing a global hotline between exchanges or a consultative body with emergency freeze authority to enable faster, preemptive action.
SECRET PARTNERSHIP BONUS for CryptoPotato readers: Use this link to register and unlock $1,500 in exclusive BingX Exchange rewards (limited time offer).
in well organized HTML format with all tags properly closed. Create appropriate headings and subheadings to organize the content. Ensure the rewritten content is approximately 1500 words. Do not include the title and images. please do not add any introductory text in start and any Note in the end explaining about what you have done or how you done it .i am directly publishing the output as article so please only give me rewritten content. At the end of the content, include a “Conclusion” section and a well-formatted “FAQs” section.
