UPbit, a major South Korean cryptocurrency exchange, on Wednesday reported the theft of 342,000 ether (worth nearly US$50 million) from its hot wallet.
The price of bitcoin fell $6,876 following the news but had bounced back to $7,273 by the time of publication, according to Coinbase.
In a statement on Wednesday, Lee Seok-woo, the CEO of UPbit’s operator, Dunamu, said, “At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won/$48.7 million) were transferred from the Upbeat Ethereum Hot Wallet to an unknown wallet. Unknown wallet address is 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.”
Apologizing to users for any “inconvenience” caused, the CEO outlined measures taken by the exchange after it detected the incident, but stopped short of calling it a “hack,” Cointelegraph reported.
The exchange has pledged to protect user assets, stating that the 342,000 ETH will be covered by corporate assets.
Upbit deposits and withdrawals are now reportedly suspended, and the exchange estimates that it will take at least two weeks for them to resume, so users are urged to avoid sending any cryptocurrency to the platform before they’re advised to do so, TNW reported.
The CEO further indicated that all other recent large-scale transfers were not abnormal, but were related to the exchange moving assets between hot and cold storage facilities.
Hot wallets are software-based storage solutions for cryptocurrency, typically applications on phones or computers. Cold wallets are hardware-based – typically standalone devices kept offline while not in use to ensure they’re out of reach of internet criminals.
Some commentators have suggested that the hack was an inside job.
Cointelegraph contributor Joseph Young tweeted: “The ‘hacker’ timed when UPbit was making crypto transfers to its cold wallet (other alts like TRON, etc.). Hence, I think the probability of it being an inside job is higher than external breach.”
The “hacker” timed when UPbit was making crypto transfers to its cold wallet (other alts like TRON, etc.)
Hence, I think the probability of it being an inside job is higher than external breach.
No details are certain for now. Will continue to update.https://t.co/Yv01WYvPok
— Joseph Young (@iamjosephyoung) November 27, 2019
In March, Upbit and local cybersecurity firm East Security said a phishing scam targeting its users had been perpetrated by North Korea hackers, said the Cointelegraph report.
In January 2018, South Korea’s four largest crypto exchanges – Bithumb, Upbit, Coinone and Korbit – created a hotline for major exchanges to ensure suspicious transactions could be detected and frozen immediately after being disclosed.
Bithumb has to date suffered three major security breaches, most recently in March of this year.