Upbit Loses $49 Million in Cyberattack

Summary

On November 27, 2019, Upbit, one of South Korea’s largest cryptocurrency exchanges, fell victim to a major cyberattack, resulting in the theft of approximately $49 million worth of Ethereum (342,000 ETH). The attack specifically targeted Upbit’s hot wallet, from which the funds were transferred to an unknown wallet address. To safeguard the remaining assets, Upbit promptly moved them to cold storage as a safety measure. The exchange took immediate action, replenishing the stolen funds with its own assets and ensuring no impact on its customers.

Attackers

The identity of the attackers involved in the Upbit hack remains unknown. However, the wallet address associated with the attackers is: 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.

Losses

The Upbit hack resulted in the loss of approximately $49 million worth of Ethereum (ETH).

Timeline:

• November 27, 2019, 4:06 (UTC): Upbit detects a major security breach in its Ethereum hot wallet.
• November 27, 2019, 4:45 (UTC): Upbit suspends all cryptocurrency deposits and withdrawals to prevent additional unauthorized access and minimize potential damages.
• November 27, 2019, 8:56 (UTC): Upbit publicly acknowledges the security breach in an official statement and assures its users that their assets will be fully protected and covered by the company.
• January 13, 2020, 17:00 (UTC): Upbit announces the completion of security enhancements and reopens cryptocurrency deposits and withdrawals.

Security Failure Causes

The Wallet System’s Vulnerability: The cause of the Upbit hack remains undisclosed, but it is widely believed that the attackers took advantage of weaknesses in Upbit’s hot wallet system, leading to unauthorized access and fund transfers.

A Phishing-Malware Hybrid Attack: It is speculated that a combination of phishing and malware attacks allowed the hackers to acquire the wallet’s private keys.