Flow Foundation is seeking a court order in Seoul to halt the planned delisting of the FLOW token on three South Korean exchanges following an exploit on the protocol in December. 

 

The Flow Foundation and its parent company, Dapper Labs, filed a motion with the Seoul Central District Court on Monday to block the delisting of the FLOW token from three South Korean exchanges.

 

This move is coming months after the Layer 1 blockchain protocol suffered a security incident in December, which led to several exchanges temporarily stopping the trading of the FLOW token at the time. However, three major Korean exchanges; Upbit, Bithumb, and Coinone, have moved to permanently stop the trading of the token on their exchanges on March 16.

 

 

Flow’s Security Incident

On December 27, 2025, Flow suffered a protocol-level exploit that resulted in losses of about $3.9 million. The breach was caused by a flaw in the smart-contract runtime within Flow’s execution layer, which allowed the attacker to exploit vulnerabilities in Cadence. 

 

Cadence is Flow’s smart contract runtime. By exploiting the flaw in Cadence, the attacker was able to duplicate Flow tokens instead of properly minting them. 

 

After duplicating the tokens, the attacker attempted to bridge them out of the protocol using cross-chain bridges such as Celer, deBridge, Relay, and Stargate. However, this abnormal activity was detected by Flow’s validator network, which placed the blockchain in read-only mode, halting further asset transfers. 

 

This incident led to a sharp decline in the price of the FLOW token. Prior to the breach, FLOW was trading at around $0.17, but it fell over 40% to roughly $0.097 within hours of the exploit being announced. 

 

Image credit: Tradingview

 

The incident also affected the token’s market cap. Before the breach, FLOW had a market cap of around $280–284 million. After the breach, it fell to approximately $164–170 million. Although the breach directly resulted in a $3.9 million loss, the protocol’s total market value dropped by over $110 million. 

Image credit: Coingecko

 

Following remediation efforts after the incident, the Flow Foundation claimed that every major global exchange has independently reviewed and restored FLOW token trading on their platforms.

 

According to the foundation, the FLOW token remains fully available and tradeable on major exchanges, including Binance, Coinbase, Kraken, OKX, Gate.io, HTX, and Bybit, with Korbit being the only Korean exchange still supporting the trading of FLOW.

 

Upbit’s $30M Hack Exposes Critical Wallet Flaw and Sparks Exchange-Wide Security Overhaul

In late November 2025, South Korea’s largest cryptocurrency exchange, Upbit, confirmed a security breach resulting in the theft of approximately $30 million in digital assets. Following the incident, an emergency audit uncovered a critical vulnerability in Upbit’s internal wallet software, a flaw that, under certain conditions, could allow private keys to be inferred from public blockchain data. The revelation has shaken the industry, raising serious questions about exchange-level wallet security and exposing structural risks that go far beyond typical smart-contract exploits.

 

What Happened: The Hack and the Audit Discovery

On November 27, Upbit detected irregular withdrawals from wallets associated with Solana ecosystem assets. The suspicious activity triggered an immediate freeze on deposits and withdrawals, and all hot wallets were swept into cold storage for security. The total loss was confirmed at roughly $30 million in tokens, with approximately $1.5 million successfully frozen after being flagged in the withdrawal process.

As part of the recovery efforts, Upbit initiated a full emergency audit of its wallet infrastructure and blockchain transaction logs. The audit revealed that a flaw in the wallet’s internal signature implementation could have compromised private keys. Specifically, the software generated weak or predictable signature patterns. In cryptographic terms, this can make it mathematically possible to reconstruct private keys from publicly visible blockchain signatures. This is a deeply serious vulnerability that strikes at the core of how digital signatures are supposed to work.

Although Upbit has not concluded that this issue directly caused the hack, the exchange stated that the discovery will guide its complete rebuild of wallet and key-management infrastructure.

 

Why This Flaw Is Particularly Dangerous

Private Key Exposure At the Infrastructure Level

Typically, blockchain signatures are designed so that private keys remain secure even though transactions are public. The weakness in Upbit’s wallet implementation breaks that core principle. A flaw like this is not a user-level mistake, it is a systemic threat, where all assets held by the platform are at risk, not just an individual account.

Historical Transactions Could Be Vulnerable

Even if attackers did not exploit the flaw this time, it may have existed for years. That means older signatures could be analyzed retroactively. If any historical signature was generated under weak conditions, an attacker could potentially reconstruct private keys long after the transaction was made.

Custodial Trust Under Pressure

Most users trust centralized exchanges to safeguard private keys properly. A flaw of this magnitude undermines that trust. Institutional investors and large holders, who rely on strict compliance and robust custodial safeguards, may rethink their risk assessments after this discovery.

 

Upbit’s History of Security Breaches

This is not the first time Upbit has faced major security threats. In 2019 the exchange suffered a breach involving 342,000 ETH, valued at roughly $50 million at the time. That attack was later attributed to state-sponsored hacking groups. The incident influenced South Korean regulators to tighten security and mandate stronger custodial protections.

More recently, Upbit disclosed that it faced more than 159,000 hacking attempts within a six-month period in 2023. That wave of attacks led the exchange to modify its wallet architecture and lean more heavily on cold-storage practices.

The recurrence of significant security issues suggests that Upbit remains a high-value target and that its security infrastructure requires ongoing, rigorous oversight.

 

What Upbit Is Doing Now

Following the hack and the emergency audit, Upbit has taken several immediate actions:

• All deposits and withdrawals have been suspended while systems are secured.

• All hot wallet funds have been transferred into cold storage.

• The wallet infrastructure is being completely rebuilt, with particular focus on signature safety and key-management processes.

• Upbit has pledged to reimburse all affected customers from corporate reserves.

• The exchange is coordinating with law-enforcement agencies to track the stolen funds and freeze assets wherever possible.

The company has described the flaw as extremely rare and emphasized that proper blockchain signatures should never allow private-key inference under normal circumstances. Even so, the discovery will influence exchange security standards going forward.

 

Wider Industry Implications

Custodial Risk Must Be Re-Evaluated

The Upbit incident demonstrates that even large, established exchanges can harbor deeply critical vulnerabilities. The risk here is not just theft, but cryptographic failure. Institutions and retail users may reconsider whether centralized custody is appropriate, and may shift to multi-sig, cold storage, or hardware-based self-custody solutions.

Regulatory Scrutiny Will Increase

As more high-profile breaches occur, regulators are likely to introduce stricter auditing and compliance requirements. These may include mandatory signature verification audits, stronger hardware security module standards, and enhanced reporting rules for exchanges.

Developers Must Reassess Wallet Security

The flaw highlights a reality that many developers overlook. While smart-contract security often receives the most attention, wallet security, signature generation, and key-management logic are equally critical. A failure in these components can compromise entire platforms, regardless of smart-contract safety.

 

Final Thoughts

The Upbit breach and the subsequent discovery of a critical signature vulnerability represent a major turning point in how the industry views custodial risk. This incident is not simply another hack. It is a lesson in the fragility of cryptographic assumptions when wallet infrastructures are not implemented perfectly.

Upbit has taken serious steps to contain the damage, reimburse users, and rebuild its systems. Yet the broader implications extend far beyond one exchange. The incident serves as a reminder that in crypto, private keys are the ultimate line of defense, and any systemic flaw that jeopardizes them can create cascading risks across an entire ecosystem.

 

Exchanges, institutions, developers, and users must take this as a call to action. Security must evolve. Auditing must deepen. And the industry must continue moving toward architectures that reduce reliance on single points of failure.

 

Stay Connected

You can stay up to date on all News, Events, and Marketing of Rare Network, including Rare Evo: America’s Premier Blockchain Conference, happening  July 28th-31st, 2026 at The ARIA Resort & Casino, by following our socials on X, LinkedIn, and YouTube.