$36 million Upbit hack revives the quiet reality about hot-wallet ‘insurance’


When Upbit detected unauthorized withdrawals of roughly $36 million in Solana tokens from a hot wallet on Nov. 27, CEO Oh Kyung-seok went on record within hours. He said:

“The entire amount might be covered by Upbit’s holdings, with no impact on customer assets.”

Six years earlier, Upbit said the same thing after losing 342,000 ETH, worth around $50 million at the time, to North Korea-linked hackers. Both times, customers saw no losses, and both times, the exchange absorbed the hit from its own treasury.

This is the hot wallet insurance model, where exchanges warehouse counterparty risk so that platform-level breaches don’t haircut users.

The system can take three forms: self-insurance from corporate reserves, dedicated emergency funds like Binance’s SAFU, and third-party crime insurance policies with named limits.

The model has become standard practice at Tier 1 centralized exchanges, turning what would have been Mt. Gox-style insolvencies into operational losses, with platforms reopening within days.

But “users don’t lose” doesn’t mean markets don’t react. Even when deposits are ultimately safe, immediacy and liquidity are not. Hacks still freeze withdrawals, collapse order-book depth, widen spreads, and trigger reflexive pullbacks by market-makers.

The insurance model changes who eats the loss and how fast platforms can credibly reopen. It doesn’t erase counterparty risk.

Upbit: self-insurance from hacks as a corporate balance sheet

Upbit’s approach is, in effect, self-insurance with no explicit policy limit. The promise depends entirely on the exchange’s solvency and access to capital.

In both the 2019 Ethereum hack and the 2025 Solana breach, Upbit treated hot-wallet losses as operational expenses absorbed by Dunamu, its parent company.

The 2025 incident moved fast. Around 4:42 a.m. local time, roughly 54 billion won in various Solana ecosystem tokens drained to an unknown address.

Upbit froze all Solana deposits and withdrawals, shifted remaining assets to cold storage, and froze a portion of the stolen LAYER tokens on-chain.

The exchange said it was working with projects and law enforcement to freeze even more of them, but the core commitment was immediate: no customer losses.

That commitment is credible because Upbit is large and liquid. But it’s not a statutory guarantee. There is no external insurer backstopping the promise, no deposit insurance scheme, and no formal reserve ratio that regulators audit.

The model works until it doesn’t: until a hack is large enough relative to equity that full reimbursement strains or breaks the balance sheet.

Binance and SAFU: a formalized internal fund

Binance created the Secure Asset Fund for Users in July 2018, diverting about 10% of trading fees into dedicated, publicly visible cold wallet addresses.

Binance has repeatedly said SAFU is meant for “sudden excessive circumstances” such as major hacks. As of press time, the fund was valued at around $1 billion.

When Binance suffered its May 2019 hot wallet breach, resulting in the loss of 7,000 BTC, it paused withdrawals and announced that all affected accounts would be made whole from SAFU, with no user losses.

Inside figures point out that solely about 2% of whole alternate funds are within the compromised sizzling pockets, making it possible to socialize the loss throughout the SAFU pool quite than push it to prospects.

SAFU is an internal insurance fund: ring-fenced, pre-funded from fees, with an implicit commitment to cover large platform-level hacks, but it’s not a statutory guarantee.

If a breach exceeded the fund balance and Binance’s equity, customers would take losses. But the public visibility of the fund and the fee-funding mechanism make the promise more transparent than Upbit’s balance-sheet approach.

Crypto.com: mixing self-insurance with third-party cover

On Jan. 17, 2022, Crypto.com detected unauthorized withdrawals on a subset of user accounts and halted all withdrawals for about 14 hours.

Later disclosures put the loss at roughly $34 million in BTC, ETH, and other tokens, affecting 483 accounts. The exchange stressed that “no customers experienced a loss of funds” because it either blocked the unauthorized withdrawals in time or fully reimbursed affected users.

Subsequent communications highlighted a new safety program offering coverage of up to $250,000 per account in the event of certain third-party breaches.

Public reporting notes that exchanges like Crypto.com and Coinbase carry crime insurance policies that pay out if the platform itself is hacked, but not if a user loses funds due to their own credential compromise.

The distinction matters. Crime insurance policies typically cover platform-wide breaches, insider theft, or fraudulent transfers involving the exchange’s own systems. They don’t cover phishing, SIM-swaps, or users losing private keys.

Coverage is finite and conditional, with named limits and exclusions that can leave customers exposed if a breach falls outside policy terms or exceeds the limit.

Third-party policies and captive structures for hacks

Coinbase has long disclosed a crime insurance policy with a $255 million limit on its hot wallet balances, placed through Aon with Lloyd’s syndicates.

The policy is designed to cover platform-wide breaches but explicitly excludes losses from someone compromising an individual user’s login.

Gemini took the captive route, launching “Nakamoto Ltd.” in Bermuda to provide $200 million in coverage for Gemini Custody, topping up what the commercial market would offer.

Newer regulated exchanges now market “100% hot wallet insurance” as a selling point. HashKey Global says user assets are protected by comprehensive insurance, including 100% hot wallet insurance, with 90% stored in cold storage.

The spectrum runs from implicit promises backed only by equity and retained earnings, to ring-fenced internal funds, to formal insurance contracts with named limits and exclusions.

The market is maturing: recent research estimates the crypto exchange hot wallet insurance segment at about $1.4 billion in 2024, with projected growth to roughly $12 billion by 2033 as exchanges, custodians, and regulators push for more formalized loss mitigation.

Markets still react when users don’t lose

Even when users are made whole, hacks change how traders price counterparty risk. Bybit’s February 2025 $1.5 billion hack illustrates this perfectly.

Bitcoin market depth on Bybit collapsed from normal levels to about $100,000 immediately after the incident, then recovered to roughly $13 million by the end of the first quarter, in line with pre-hack conditions.

Spreads widened across BTC and the top 30 altcoins, only to tighten again over several weeks as market-makers returned.

Coinlaw data from November 2025 noted that even a technical KRW transfer suspension on Upbit coincided with an estimated 70% drop in liquidity and a sharp fall in Upbit’s share of global top 10 volumes, highlighting how quickly capital can step back from a single venue.

The pattern is consistent: frozen withdrawals, wider spreads, thinner depth, and a reflexive liquidity provider pullback. Even when deposits are ultimately safe, immediacy is not.

Traders who need to move capital or hedge positions face hours or days of illiquidity. Market-makers who provide depth pull back until they’re confident the platform is stable.

What the model does and doesn’t solve

Hot wallet insurance greatly reduces the odds that a single exchange hack wipes out customer money. It changes who eats the loss and how fast platforms can credibly reopen.

Upbit, Binance, and Crypto.com all absorbed platform-level breaches from reserves or internal funds and reopened within days, avoiding the years-long insolvency proceedings that followed Mt. Gox.

But coverage is finite and conditional. It generally applies only to platform-level breaches, not to phishing or SIM swaps.

It is not backed by a sovereign guarantee, the way bank deposits are. And it does nothing to stop the short-term fallout that actually moves markets: frozen withdrawals, wider spreads, thinner depth, and a reflexive pullback of liquidity.

The lesson is that hot wallet insurance is real and functional, but it’s not deposit insurance. It depends on the exchange’s solvency and liquidity, the adequacy of internal funds or external policies, and the platform’s willingness to honor promises when reserves are tested.

For users, the model means counterparty risk is lower than it was in the Mt. Gox era, but it’s not zero. For markets, it means hacks still dominate headlines and price action even when every customer ends up whole.
