Last night the group was in an uproar again.
An old friend sent a message: "This wave is not a drop in coin price; it is that those who treat us as ATMs are starting to settle up."
He is not referring to Bitcoin dropping below 85,000 USD again, but rather to two news stories that are trending today:
One is the post-mortem of the 36 million USD hot wallet hack at the South Korean exchange Upbit; the other is that the veteran DeFi DEX SushiSwap was 'taken over' for 3.3 million USD, with the CEO stepping down and TVL down from a peak of 8 billion USD to just 1% of that.
Does that sound remote from you? If you keep coins on centralized exchanges and have chased early opportunities across DeFi, these two events are quietly rewriting your underlying risk logic.
One, Upbit hacked again: It's not that you 'are fine,' but rather that someone else has paid your tuition.
Let's first look at the first surprise attack.
South Korea's largest exchange Upbit was attacked on November 27, with hackers pulling approximately 540 billion KRW from a hot wallet in a matter of minutes, equivalent to 36 to 38 million USD, involving a whole basket of Solana ecosystem assets like SOL, USDC, BONK, JTO, PYTH, and RENDER.
Upbit's approach is very standard:
• Immediately suspend deposits and withdrawals on the Solana network and transfer all remaining assets to cold wallets;
• The announcement promises: all user losses will be fully covered by the exchange's own funds, and users 'will not incur any losses';
• It was later announced that on December 1st at 1 PM (Korean time), withdrawals and deposits would be gradually restarted, with all old deposit addresses becoming invalid, requiring users to generate new addresses.
Many people see this and their first reaction is:
"If we can compensate in full, isn't that okay? At most, it's a hassle for a few days."
That is exactly the problem: you only think it was fine because someone else paid your tuition.
According to CryptoSlate's analysis, this Upbit incident once again laid bare the truth about so-called 'hot wallet insurance': most exchanges have no real third-party insurer behind them; they use company capital as a 'self-insurance pool' and treat the stolen money as an operational cost.
It sounds very responsible, but the actual impact on the market is:
• During the withdrawal suspension period, market maker liquidity sharply decreased, and the market depth instantly thinned;
• Those who want to run can't escape, and those who want to add positions can't get money in;
• Even if everyone eventually 'retrieved their coins,' the price had already undergone a cycle of intense volatility.
Ironically, this is not the first time Upbit has been hacked. In November 2019 it lost 342,000 ETH, worth approximately 50 million USD at the time, likewise drained entirely from its hot wallet, and the platform later covered the loss itself.
Six years later, on the same day, the same type of hot wallet was hacked again.
This is not luck; it's structural risk.
This time, South Korean security agencies and several media outlets have already named names, suspecting that the group behind it is once again North Korea's 'Lazarus' hacking organization. On-chain analytics firms report that this country, which relies on hacking for its nuclear weapons, has stolen over 2 billion USD in cryptocurrency assets in 2025 alone.
A more heartbreaking new piece of news is:
A recent report reveals that North Korea is bypassing sanctions to purchase a large number of banned NVIDIA RTX 2700 graphics cards to enhance its AI capabilities, specifically to do three things:
find smart contract vulnerabilities, run social engineering with deepfakes, and carry out wallet attacks targeting exchanges.
In plain language:
Your hot wallet faces a hacker team with nation-state-level resources that uses AI to iterate faster.
And the only reason you can still curse in the group is that, this time, Upbit could still absorb the loss.
Two, SushiSwap was 'taken over' for 33 million: the price of a DeFi veteran's dignity
If the Upbit incident knocked on the 'centralized custody risk' door, then SushiSwap's news today knocked on the coffin lid of 'sentiment DeFi.'
According to AMBCrypto, SushiSwap officially confirmed:
• CEO Jared Grey resigned and became an advisor;
• Synthesis founder Alex McCurry invested 3.3 million USD to take over and became the new actual controller of the protocol;
• This veteran DEX, which once held 8 billion USD in TVL, has now seen its TVL drop 99% from its peak.
What does 8 billion USD mean?
That was the super gateway everyone rushed to pour liquidity into during the DeFi summer of 2020-2021;
Today, 99% of the water has been drawn out, leaving only a symbolic 'historical relic.'
There is a very harsh but realistic saying in the cryptocurrency sphere:
Sentiment is what founders write on their resumes; the accounts must be right on-chain.
Looking back at Sushi's storyline, it is actually very typical:
1. Crazy inflation period—relying on high APRs, Vampire Attacks, and community narratives to forcibly extract liquidity from Uniswap, pushing TVL up to 8 billion USD;
2. Internal friction and regulatory period: the token economics were argued over repeatedly, core developers left, yields continued to decline, and users switched to newer, faster DEXs with better stories;
3. Capital takeover period—when protocol income and maintenance costs can't hold up, the only way out is to 'sell out': either sell to a larger CeFi/institution or be taken over by a team with resources and business development.
What exactly did Synthesis buy for 3.3 million USD?
• It is a brand that still has a voice;
• It is a pile of compliance, code, governance structure, and existing LP relationships;
• It's also a 'veteran DeFi' label; in the future, whether it's for on-chain structured products, institutional liquidity, or bridging with CEX, at least you won't have to start from scratch in telling the story.
So, judging by the outcome,
SushiSwap did not suddenly 'die'; it completed a merger and reorganization at an extremely low price.
For those who bought SUSHI at a few dollars or a few tens of dollars back then, this is certainly painful;
But from a capital perspective, it was merely a transfer of control at 1% of the price.
Three, what these two events really kill is the 'illusion'
Today's two pieces of news, seemingly one a hacking event and the other a DeFi merger, actually kill the same thing: retail investors' illusion of security.
• You thought that CEX with 'big firms backing' is very safe, only to find that hot wallets are inherently high-risk exposure; as long as the other side is willing to invest resources, there will always be a way to pry them open;
• You thought that 'decentralized blue-chip protocols' could rely on the community to support them for a lifetime; the result is that when TVL and income can't hold up, they will eventually be bought out by some capital party, and the faith of the last cycle becomes the chips of the next cycle.
If you are an ordinary participant, the practical takeaways from these two events are actually very simple:
1. Always consider 'being hackable' as a default premise
Whether it's the hot wallet of CEX or the contract of the on-chain protocol, as long as it's online, there is a possibility of being attacked.
The only thing you can control is: do not bet the outcome of your life on any single point.
2. Asset stratification is the real risk control
Exchanges: only keep the money you need for short-term trading or must use for futures margin;
DeFi: only commit the portion whose 'going to zero' risk you are willing to accept in pursuit of high returns;
Cold wallets: for long-term assets, the 'money that lets you sleep at night.'
3. Maintain a bit of brutal clarity regarding 'sentiment' and 'backing'
A platform's backing holds only as long as it still has the money and the motivation;
A protocol gets taken over only on the premise that the acquirer feels there is 'still room for extraction.'
Both of these matters are essentially financial decisions, not 'gentleness' towards retail investors.
Writing this, I recall a joke in the group:
"This wave is not a drop in coin price; it is that those who treat us as ATMs are starting to settle up."
In fact, a more accurate way of saying it is:
This market has never been designed for retail investors; they have only survived a while by chance in the gaps of the system.
Upbit's 36 million USD was treated as an operational cost and wiped out;
Sushi's 8 billion USD TVL was finally taken over for 3.3 million USD;
What is truly being settled is our romantic imagination of 'security' and 'decentralization' from the previous bull market.
In the next cycle, you can continue to chase new stories, grab new airdrops, and harvest new liquidity—
But at least at the moment you click 'Recharge,' 'Deposit,' 'Stake,'
There must be a clear bottom line in your heart:
This money is just my option fee paid to this system.
What is earned is luck;
Not coming back is tuition.
That beats waiting for the next time the news flashes 'XX was hacked, YY was taken over'
and then just flooding the group with another message:
"Educated again."


