Nikolas Sargeant
Binance has rejected allegations that it failed to act swiftly in freezing assets connected to last month's Upbit breach, disputing reports suggesting the exchange only partially complied with requests from South Korean law enforcement investigating the $30 million cryptocurrency theft.
In a statement provided to Cryptonews, a Binance spokesperson characterized suggestions of delayed or limited cooperation as inaccurate. "Binance's security and investigations teams identified the incident and immediately took action to assist in freezing related transfers and mitigating further movements," the spokesperson said.
The exchange emphasized it has maintained close collaboration with law enforcement and relevant parties since the incident began. "We continue to monitor the situation closely and provide support as needed," the spokesperson added, asserting that claims suggesting Binance did not take prompt or effective action are "unsubstantiated and inaccurate."
The response addresses a report published last week citing South Korean investigators who claimed Binance froze only a small fraction of stolen funds during the Upbit breach investigation. According to local media coverage, authorities stated approximately 17% of flagged assets were ultimately secured through freezing mechanisms.
Investigators allege attackers behind the November 27 breach moved rapidly, dispersing stolen cryptocurrency across more than one thousand separate wallets within hours of the initial theft. Security analysts tracking the incident said the group employed chain hopping techniques, token swaps, and cross-chain bridges to obscure transaction trails, tactics that significantly complicated asset recovery efforts.
Authorities indicated a substantial portion of laundered assets eventually reached service wallets on Binance's platform. Upbit and South Korean police reportedly requested immediate freezing of approximately 470 million won (roughly $370,000) worth of Solana tokens believed to have entered the exchange following the breach.
Of that requested amount, about 80 million won (approximately $75,000) was frozen, with Binance citing requirements for additional verification before implementing broader asset restrictions, according to previous statements from Korean authorities. The discrepancy between requested and executed freezing actions forms the basis of the delayed response allegations Binance now disputes.
Upbit responded to the breach by implementing one of the most aggressive security overhauls yet undertaken by a major cryptocurrency exchange. Operator Dunamu announced the platform will relocate nearly all customer assets into cold storage following the theft of 44.5 billion won (about $30 million) from its Solana hot wallet.
The exchange plans to raise its cold wallet storage ratio to 99% while reducing hot wallet exposure to effectively zero, substantially exceeding South Korea's legal requirement that 80% of user funds remain in offline storage. Upbit already maintained 98.33% of assets in cold storage at the end of October, the highest proportion among domestic platforms, but accelerated security improvements following the November incident.
South Korean authorities have launched a formal investigation into the breach, with local media citing preliminary intelligence assessments allegedly linking the intrusion to North Korea's Lazarus Group, a state-sponsored hacking collective responsible for numerous high-profile cryptocurrency thefts in recent years.
The dispute between Binance and South Korean investigators highlights ongoing challenges in international cryptocurrency incident response, where rapid asset movement across multiple platforms and jurisdictions can complicate coordination between exchanges and law enforcement agencies operating under different regulatory frameworks and verification procedures.
