Fake APT Tokens Flood Upbit Accounts: Exchange Seeks Refunds

Upbit, South Korea’s largest cryptocurrency exchange, has fallen victim to a massive scam involving fake APT tokens.

Police man seeing a giant fraudster with millions of coins collected.
Created by Kornelija Poderskytė from DailyCoin
  • Scammers infiltrated Upbit, South Korea’s largest cryptocurrency exchange. 
  • Bots send a substantial amount of APT tokens to the platform users. 
  • Upbit is now requesting users to process refunds. 

Upbit, South Korea’s largest cryptocurrency exchange, recently fell victim to a massive scam that allowed hackers to flood user wallets with fake APT tokens, bypassing the platform’s authentication system and disrupting its services. 

Upbit Users Receive Counterfeit APT Tokens

On Sunday, September 24, scammers infiltrated Upbit’s authentication system to deposit a substantial quantity of fake APT tokens valued at approximately $95 million into over 380,000 user wallets. 

Unaware of the origin of the free APT tokens, holders went on a withdrawal spree to cash out. However, Upbit swiftly disrupted their plans by suspending Aptos deposits and withdrawals on the exchange. The exchange cited wallet system maintenance as the reason without disclosing full details and requested users to process refunds. 

While Upbit’s APT deposits and withdrawals remain paused at press time as the exchange investigates the matter, crypto sleuth Defianalist theorized how the hack went down. 

Comparison of APT token contract and fakeAPT token contract.
Comparison of APT token contracts. Source: Definalist.

Defianalist suggested that Upbit’s authentication system failed to accurately examine the contract for the type of arguments, causing the counterfeit APT tokens to be mistakenly recognized as legitimate. Fortunately, there was a saving grace: the scam tokens had six decimal places, while APT tokens had eight, averting an even major disaster. 

The analyst pointed out that if the counterfeit tokens also had eight decimal places in their contracts, users would have received $25,000 instead of $250, potentially leading to a massive sell-off by thousands of users.

What Happens Next? 

Experts suggest that Upbit will launch an intensive search for the culprits. Given South Korea’s strict Know Your Customer (KYC) requirements, authorities will likely swiftly identify the criminals.

User reports indicate that Upbit is reaching out to those affected, urging them to request refunds with the following message:

"This is not your property, and you are entitled to have it returned. If you refuse, we may take legal action, and we will compensate the difference in the amount according to the coin market price with gift icons. It is absolutely impossible to send a recorded notice via Kakao Talk or other messengers. We ask you to trust Upbit and follow the APT refund process."

If users disregard these calls or fail to comply with Upbit’s requests, they could face legal action. 

On the Flipside

  • This year, over $920 million in the cryptocurrency industry has been lost to cyber criminals.
  • While this hack took place, Upbit’s transactions went up to 14.9 million APT from 260,000. 

Why This Matters

This exploit exposes major flaws within Upbit’s authentication system. It could lead to user confidence in the platform waning, considering its status as the largest exchange in the country. 

Read about an ongoing data breach on OpenSea:
OpenSea Warns of User Data Breach: Here’s What You Should Do

Read how the IRS is helping Ukraine to combat crypto-related crimes: 
IRS and Ukraine Join Forces to Combat Crypto-Related Crime

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Insha Zia

Insha Zia is a senior journalist at DailyCoin covering crypto developments, especially in the Cardano ecosystem. With a Bachelor of Science in Computer Systems Engineering, he delivers high-quality articles with his technical background and expertise in data analysis and programming languages, aiming to educate and inform readers accurately, transparently, and engagingly. Insha believes education can drive mass adoption of the crypto space, and he is committed to giving DailyCoin readers a better understanding of the technology.