
Following a major $30 million hack, South Korean crypto exchange Upbit initiated an emergency investigation and discovered a serious private key vulnerability.
On November 27th, Upbit noticed “abnormal activity” and identified that 44.5 billion won ($30 million) of assets had been drained from a Solana hot wallet. Attackers managed to steal popular tokens such as Official Trump (TRUMP), Bonk (BONK), USD Coin (USDC), and others.
On Friday, Oh Kyung-seok, CEO of Upbit's operator Dunamu, apologized for the attack, saying: “This breach is a direct result of Upbit's inadequate security management, and there is no room for excuses. Upbit, which prioritizes member protection, promises that no damage will occur to member assets.”
He further explained that during an investigation that was initiated after the hack, the company analyzed numerous Upbit wallet transactions publicly disclosed on the blockchain. During the process, they discovered “a security vulnerability that allowed [them] to infer private keys (a type of password that allows access to blockchain wallet addresses and assets).” Oh Kyung-seok says the vulnerability has now been addressed.
Although the vulnerability was discovered during a post-incident investigation, Oh Kyung-seok did not explicitly link it to the breach.
Upbit has since suspended digital asset deposits and withdrawals.
In total, the company has identified approximately 44.5 billion won ($30 million) in affected assets, including 38.6 billion won ($26 million) in member assets. Of these assets, approximately 2.3 billion won ($1.5 million) has already been frozen. Upbit says that its own assets accounted for 5.9 billion won ($4 million).
The company has reiterated that it will be covering all customer losses using its own assets.
Upbit is now carrying out a broad review of its security system and a complete overhaul of its wallet system, with digital asset deposits and withdrawals expected to resume after the security reviews are complete.
“Upbit has strived to safeguard member assets, but we've once again realized that there's no such thing as perfect security,” Oh Kyung-seok adds.
According to South Korean news outlet Yonhap News, North Korea’s Lazarus Group is suspected to be behind the attack.