- Scammers infiltrated Upbit, South Korea’s largest cryptocurrency exchange.
- Bots send a substantial amount of APT tokens to the platform users.
- Upbit is now requesting users to process refunds.
Upbit, South Korea’s largest cryptocurrency exchange, recently fell victim to a massive scam that allowed hackers to flood user wallets with fake APT tokens, bypassing the platform’s authentication system and disrupting its services.
Upbit Users Receive Counterfeit APT Tokens
On Sunday, September 24, scammers infiltrated Upbit’s authentication system to deposit a substantial quantity of fake APT tokens valued at approximately $95 million into over 380,000 user wallets.
Unaware of the origin of the free APT tokens, holders went on a withdrawal spree to cash out. However, Upbit swiftly disrupted their plans by suspending Aptos deposits and withdrawals on the exchange. The exchange cited wallet system maintenance as the reason without disclosing full details and requested users to process refunds.
Sponsored
While Upbit’s APT deposits and withdrawals remain paused at press time as the exchange investigates the matter, crypto sleuth Defianalist theorized how the hack went down.
Defianalist suggested that Upbit’s authentication system failed to accurately examine the contract for the type of arguments, causing the counterfeit APT tokens to be mistakenly recognized as legitimate. Fortunately, there was a saving grace: the scam tokens had six decimal places, while APT tokens had eight, averting an even major disaster.
The analyst pointed out that if the counterfeit tokens also had eight decimal places in their contracts, users would have received $25,000 instead of $250, potentially leading to a massive sell-off by thousands of users.
What Happens Next?
Experts suggest that Upbit will launch an intensive search for the culprits. Given South Korea’s strict Know Your Customer (KYC) requirements, authorities will likely swiftly identify the criminals.
Sponsored
User reports indicate that Upbit is reaching out to those affected, urging them to request refunds with the following message:
"This is not your property, and you are entitled to have it returned. If you refuse, we may take legal action, and we will compensate the difference in the amount according to the coin market price with gift icons. It is absolutely impossible to send a recorded notice via Kakao Talk or other messengers. We ask you to trust Upbit and follow the APT refund process."
If users disregard these calls or fail to comply with Upbit’s requests, they could face legal action.
On the Flipside
- This year, over $920 million in the cryptocurrency industry has been lost to cyber criminals.
- While this hack took place, Upbit’s transactions went up to 14.9 million APT from 260,000.
Why This Matters
This exploit exposes major flaws within Upbit’s authentication system. It could lead to user confidence in the platform waning, considering its status as the largest exchange in the country.
Read about an ongoing data breach on OpenSea:
OpenSea Warns of User Data Breach: Here’s What You Should Do
Read how the IRS is helping Ukraine to combat crypto-related crimes:
IRS and Ukraine Join Forces to Combat Crypto-Related Crime
