Binance is once again the center of debate in South Korea after new investigative reports revealed that the exchange froze only a small portion of the crypto stolen during last month’s Upbit hack. According to national broadcaster KBS, police requested an urgent freeze of roughly 470 million KRW worth of Solana-based assets tied to the attack—but Binance ultimately locked down only about 80 million KRW, or roughly 17% of the total.
Even more concerning for regulators: the freeze came 15 hours after the initial request, giving hackers a wide window to continue laundering the stolen assets. The incident has reignited a fierce debate over how fast major exchanges should respond during security emergencies—especially when stolen funds can move between blockchains in seconds.
Hackers Used Thousands of Wallets to Obscure the Trail
Authorities say the Upbit attackers moved with alarming speed and sophistication. Security analysts discovered that the hackers scattered the stolen tokens across a long chain of deposits and withdrawals involving over a thousand wallets. They also utilized blockchain bridges and token swaps to change coin types and networks, making the trail significantly harder to trace.
According to KBS, Binance was asked by South Korean police to freeze crypto assets stolen from Upbit but froze only part of the funds. Authorities requested a freeze on about 470 million KRW in Solana tokens, but Binance, citing the need for further verification, froze only 17%…
— Wu Blockchain (@WuBlockchain) December 12, 2025
Most of the laundered funds eventually landed in third-party service wallets on Binance. Because of this, police urgently asked the exchange to stop the movement before the assets dispersed even further. However, Binance told investigators that it needed “additional verification” before freezing the full amount. While the exchange did eventually act, the freeze covered only a small fraction of the assets traced to its platform.
This gap between the request and the action is now a core point of criticism.
Officials Question Binance’s Delayed Response
According to KBS, Binance only notified Upbit of the partial freeze close to midnight on the 27th—almost 15 hours after the initial police request. Experts argue this delay likely gave the hackers enough time to funnel additional funds through obfuscation layers.
Professor Cho Jae-woo of Hansung University described the situation as troubling, emphasizing that speed is critical in limiting losses after a major hack. Yet, he said, exchanges often hesitate due to legal concerns, compliance burdens, or jurisdiction conflicts.
Cho argued that the industry urgently needs a formal global emergency coordination system that allows exchanges to freeze suspicious funds instantly during crisis moments. He proposed creating a worldwide “hotline” or rapid-response group with predefined authority to act fast—before criminals can exploit slow communication across borders.
Stolen SOL Converted to Ethereum After the Freeze
Investigators have confirmed that most of the stolen Solana-based tokens have already been converted into Ethereum, a move that signals the hackers may be shifting to more liquid markets. ETH remains one of the easiest assets to cash out due to its deep liquidity and large number of trading venues.
Meanwhile, Binance declined to explain why only part of the traced funds were frozen or why the process took so long. The exchange reiterated its standard statement that it “cannot comment on ongoing investigations,” but insisted that it will continue cooperating with law enforcement.
Still, the partial freeze and extended delay are fueling new concerns about whether global exchanges are equipped to act fast enough during high-stakes attacks—and what structural changes are needed to stop sophisticated hackers from staying one step ahead of the system.
