15 Minutes to Zero: Analyzing the $35M South Korean Exchange Hack

The Incident: A Lightning-Fast Drain
On December 3, 2025, security analysts identified a massive anomaly involving a South Korean trading platform. Hundreds of transactions drained the exchange's hot wallets of roughly 44.5 billion KRW (approximately $33-35 million) in 15 minutes. The attack was characterized by a specific "drained-to-zero" pattern, in which wallets were systematically emptied of their entire balances.
The stolen assets comprised a wide array of highly liquid tokens, including USDC, BONK, SOL, ORCA, RAY, PYTH, and JUP. To complicate tracing and freezing efforts, the perpetrators skillfully utilized Automated Market Makers (AMMs) to swap the stolen funds, washing the assets through decentralized liquidity pools at high speed.
Technical Analysis: Compromising the Signing Flow
Unlike many high-profile hacks that rely on user phishing or smart contract bugs, this breach targeted the core infrastructure of the exchange. Technical analysis reveals a direct compromise of the hot-wallet signing flow.
This suggests that the attackers gained unauthorized access to the mechanisms responsible for authorizing transactions, potentially bypassing standard security checks. The incident highlights the critical importance of "burst detection"—systems designed to identify and halt rapid, high-value outflows before wallets are depleted. While the exchange was able to freeze and recover approximately 23 billion KRW worth of LAYER tokens (more than half the stolen amount), the loss of roughly $17 million in liquid assets remains significant. Consequently, the platform was forced to pause all user withdrawals immediately.
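To make "burst detection" concrete, here is a minimal sliding-window outflow guard of the kind that could sit in front of a hot-wallet signer. It is an added example, not code from the exchange or from this article; the class name, thresholds, wallet labels and event data are all constructed assumptions.

```python
from collections import defaultdict, deque

class BurstDetector:
    """Sliding-window outflow guard in front of a hot-wallet signer (illustrative)."""

    def __init__(self, window_s=60, max_tx=5, max_frac=0.25):
        self.window_s = window_s    # look-back window, seconds (assumed value)
        self.max_tx = max_tx        # withdrawals allowed per wallet per window
        self.max_frac = max_frac    # share of window-start balance allowed out
        self.recent = defaultdict(deque)   # wallet -> approved (timestamp, amount)
        self.halted = {}                   # wallet -> reason signing was stopped

    def check(self, wallet, ts, amount, balance):
        """Decide whether to sign. `balance` is the wallet balance before this
        withdrawal. Returns (approved, reason)."""
        if wallet in self.halted:
            return False, "halted:" + self.halted[wallet]
        q = self.recent[wallet]
        while q and ts - q[0][0] >= self.window_s:   # expire events outside window
            q.popleft()
        already_out = sum(a for _, a in q)
        start_balance = balance + already_out   # assumes no deposits in the window
        reason = None
        if len(q) + 1 > self.max_tx:
            reason = "tx-rate"
        elif start_balance <= 0 or (already_out + amount) / start_balance > self.max_frac:
            reason = "outflow-fraction"
        if reason:
            self.halted[wallet] = reason    # fail closed until an operator resets
            return False, reason
        q.append((ts, amount))
        return True, "ok"

def replay(events, start_balances, detector):
    """Replay (ts, wallet, amount) events; return final balances and decisions."""
    balances = dict(start_balances)
    decisions = []
    for ts, wallet, amount in events:
        ok, reason = detector.check(wallet, ts, amount, balances[wallet])
        if ok:
            balances[wallet] -= amount
        decisions.append((ts, wallet, ok, reason))
    return balances, decisions

# Constructed sample: normal activity on hot-A, then a drain attempt on hot-B.
START = {"hot-A": 1000.0, "hot-B": 1000.0}
EVENTS = [(0, "hot-A", 50.0), (30, "hot-A", 40.0), (200, "hot-A", 60.0)]
EVENTS += [(300 + i, "hot-B", 100.0) for i in range(10)]   # 10 tx in 10 seconds
```

Replaying the sample with the default thresholds halts hot-B on its third withdrawal, leaving 800 of 1000 units in the wallet instead of zero. The halt stays in place until it is explicitly cleared, so a compromised signing path cannot simply retry.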
The Case for Robust Self-Custody
This incident serves as a critical lesson for individual investors: if you do not hold the private keys, you do not truly control the assets. We at RateMyWallets are firm believers in owning your own cold storage solution to mitigate these risks.
When evaluating hardware wallets to replace exchange custody, users should look for specific, battle-tested security features:
- Passphrase and PIN Protection: Seek devices that offer both PIN protection for access and an optional passphrase. This creates a "hidden wallet" layer, ensuring that even if physical access is compromised, the funds remain inaccessible.
- On-Device Confirmation: Security relies on verification. Ensure your chosen wallet requires physical, on-device transaction confirmation. This prevents malware on a connected computer from auto-signing malicious transactions without your manual consent.
- Open-Source Firmware: The need for trust is minimized when code is transparent. Wallets running open-source firmware allow the security community to audit the code for backdoors or vulnerabilities.
- Secure Bootloader: A secure bootloader checks the authenticity of the firmware every time the device starts, ensuring that the device hasn't been tampered with or loaded with malicious code during transit.
By prioritizing these features, users can insulate themselves from the systemic risks that continue to plague centralized exchanges.
Check out our review of the Ledger Nano X and the Trezor Model T for more details on how these devices stack up in terms of security and usability.