15 Minutes to Zero: Analyzing the $35M South Korean Exchange Hack

The Incident: A Lightning-Fast Drain
On December 3, 2025, security analysts identified a massive anomaly involving a South Korean trading platform. In a span of just 15 minutes, attackers executed hundreds of transactions, draining the exchange's hot wallets of roughly 44.5 billion KRW (approximately $33-35 million). The speed of the attack was characterized by a specific "drained-to-zero" pattern, where wallets were systematically emptied of their balances entirely.
The stolen assets comprised a wide array of high-liquidity tokens, including USDC, BONK, SOL, ORCA, RAY, PYTH, and JUP. To complicate tracing and freezing efforts, the perpetrators immediately utilized Automated Market Makers (AMMs) to swap the stolen funds, washing the assets through decentralized liquidity pools at high speed.
Technical Analysis: Compromising the Signing Flow
Unlike many high-profile hacks that rely on user phishing or smart contract bugs, this breach targeted the core infrastructure of the exchange. Technical analysis reveals a direct compromise of the hot-wallet signing flow.
This suggests that the attackers gained unauthorized access to the mechanisms responsible for authorizing transactions, potentially bypassing standard security checks. The incident highlights the critical importance of "burst detection"—systems designed to identify and halt rapid, high-value outflows before wallets are depleted. While the exchange was able to freeze and recover approximately 23 billion KRW worth of LAYER tokens (more than half the stolen amount), the loss of roughly $17 million in liquid assets remains significant. Consequently, the platform was forced to pause all user withdrawals immediately.
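Burst detection of the kind described above, as an added illustration rather than the exchange's own system or code from this article: a sliding-window monitor over hot-wallet outflow events that flags a high transaction rate, a large fraction of the balance leaving within 15 minutes, and the drained-to-zero condition. Wallet names, thresholds and the event records are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Outflow:
    ts: int               # unix seconds when the signed tx was broadcast
    wallet: str           # hot-wallet identifier (hypothetical names below)
    asset: str
    amount: float
    balance_after: float  # wallet balance in this asset after the outflow

def detect_bursts(events, window=900, max_txs=20, max_drain=0.5):
    """Flag (wallet, asset) pairs whose outflows inside a sliding window exceed
    max_txs transactions, remove more than max_drain of the balance held at the
    window start, or leave the balance at exactly zero (drained-to-zero)."""
    alerts = []
    recent = {}  # (wallet, asset) -> deque of Outflow still inside the window
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent.setdefault((ev.wallet, ev.asset), deque())
        q.append(ev)
        while ev.ts - q[0].ts > window:  # evict events older than the window
            q.popleft()
        start_balance = q[0].balance_after + q[0].amount  # balance before window
        drained = sum(e.amount for e in q)
        reasons = []
        if len(q) > max_txs:
            reasons.append("tx-rate")
        if start_balance > 0 and drained / start_balance > max_drain:
            reasons.append("fraction-drained")
        if ev.balance_after == 0:
            reasons.append("drained-to-zero")
        if reasons:
            alerts.append((ev.ts, ev.wallet, ev.asset, tuple(reasons)))
    return alerts

def sample_events():
    """Constructed data: routine withdrawals from hot-a, a 10-minute burst that
    empties hot-b of SOL, and one oversized single withdrawal from hot-c."""
    normal = [Outflow(i * 600, "hot-a", "USDC", 1_000.0, 100_000.0 - 1_000.0 * (i + 1))
              for i in range(12)]
    burst, bal = [], 30_000.0
    for i in range(30):
        bal -= 1_000.0
        burst.append(Outflow(10_000 + i * 20, "hot-b", "SOL", 1_000.0, bal))
    single = [Outflow(20_000, "hot-c", "JUP", 60_000.0, 40_000.0)]
    return normal + burst + single

if __name__ == "__main__":
    for alert in detect_bursts(sample_events()):
        print(alert)
```

The routine wallet never trips a rule, the burst wallet is flagged on the fraction rule well before it reaches zero, and the final event carries all three reasons, which is the point at which a halt-withdrawals control should already have fired.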
The Case for Robust Self-Custody
This incident is a stark reminder for individual investors: if you do not hold the private keys, you do not truly control the assets. To mitigate these risks, investors should prioritize cold storage solutions that place security in their own hands.
When evaluating hardware wallets to replace exchange custody, users should look for specific, battle-tested security features:
- Passphrase and PIN Protection: Seek devices that offer both PIN protection for access and an optional passphrase. This creates a "hidden wallet" layer, ensuring that even if physical access is compromised, the funds remain inaccessible.
- On-Device Confirmation: Security relies on verification. Ensure your chosen wallet requires physical, on-device transaction confirmation. This prevents malware on a connected computer from auto-signing malicious transactions without your manual consent.
- Open-Source Firmware: Trust is minimized when code is transparent. Wallets running open-source firmware allow the security community to audit the code for backdoors or vulnerabilities.
- Secure Bootloader: A secure bootloader checks the authenticity of the firmware every time the device starts, ensuring that the device hasn't been tampered with or loaded with malicious code during transit.
By prioritizing these features, users can insulate themselves from the systemic risks that continue to plague centralized exchanges.