Korean Crypto Exchange UPbit Lost 342,000 Ether Following Hack

South Korean cryptocurrency exchange UPbit — run by a subsidiary of Korean tech giant Kakao — has been hacked, losing 342,000 Ether (ETH), around $50 million from its hot wallet.

The news has been confirmed by Lee Seok-woo – CEO of Upbit’s operator, Dunamu – via an official statement written on November 27th. The statement explained that the exchange had detected an abnormal transaction from its hot wallet to an unrecognized wallet, which led to an outflow of 342,000 ether (ETH). The exchange did not specify whether it had been hacked.

The statement read as follows:

“At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won) were transferred from the Upbit Ethereum Hot Wallet to an unknown wallet. Unknown wallet address is 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.”

Following the incident, the exchange apologized to users for any inconveniences caused as the CEO had laid out several measures taken as a precaution. Respectively, the exchange transferred all cryptocurrencies from its hot wallet to a cold wallet and said the loss will be covered by its own corporate assets.

Meanwhile, withdrawals and deposits have already been suspended as a precaution. Later on, Upbit said it will take at least two weeks for deposit and withdrawal services to be back to normal, with Lee Seok-woo promising to inform users as soon as they reopen.

According to Whale Alert – a Twitter service that monitors blockchain transactions – the lost ETH worth $49 million at press time, was sent from Upbit’s wallet to an unknown ethereum address starting with 0xa09871 about 04:00 UTC on Wednesday.

About 30 minutes later, Upbit announced that it had temporarily suspended withdrawals and deposits due to server maintenance. Subsequently, the massive withdrawal alerts did raise suspicions, with several people on social media calling it a hack.

Whale Alert, in fact, noted several withdrawals taking place via UPbit, involving other cryptocurrencies and tokens as well, such as Tron (TRX) and BitTorrent (BTT), amongst others. In fact, more than $100 million worth of multiple cryptocurrencies have been sent out from Upbit today.

However, the exchange stated that only ETH holdings had been affected, and all other recent large-scale transactions were related to the exchange moving assets between hot and storage facilities to prevent further losses.

UPbit’s hack marks this year’s eighth breach, and the total amount stolen from cryptocurrency exchanges to date now stands at around $1.44 billion, according to data.

Meanwhile, Upbit isn’t the only South Korean exchange to have suffered loss. Earlier this year, Bithumb – the second biggest cryptocurrency exchange in South Korea, fell victim to an inside job. According to previous reports, it lost about $13 million in March 2019. In total, the exchange had suffered three major security breaches. Last year, Coinrail was hacked for $40 million.

UN Report Claims North Korea Implicated in Cryptocurrency Exchange Hacks

A confidential United Nations report claims that North Korea is using “widespread and increasingly sophisticated” cyberattacks to steal cryptocurrency and fiat currency in order to fund its weapons of mass destruction programs, Reuters says.

The confidential report, compiled by a group of independent experts and obtained by Reuters, was submitted last week to the U.N. Security Council’s North Korea sanctions committee. The report stated that North Korea had used hacks to steal funds from financial institutions and cryptocurrency exchanges, collecting roughly $2 billion, which was laundered over the web.

As the attacks are becoming harder to track, the group of experts is currently investigating at least 35 reported instances of DPRK actors attacking financial institutions, cryptocurrency exchanges and mining activity designed to earn foreign currency in 17 nations. According to the report, these cyber actors are operating under the direction of the Reconnaissance General Bureau – North Korea’s top military intelligence agency.

The experts’ report notes that large-scale attacks against cryptocurrency exchanges by North Korea allow the country to generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector.

The report further notes that North Korea is using new techniques to earn hard currency for its illegal activities. Many of the entities, operating as ploys, “continued to operate overseas, including under diplomatic cover, attempting to transfer conventional weapons and expertise and to procure equipment and technology” to the country.

In addition to that, according to experts North Korea continues to have access to the global financial system, through bank representatives and networks operating worldwide due to failure to implement financial sanctions as well as due to Pyongyang’s deceptive practices.

Furthermore, North Korea has also continued to disregard sanctions using illegal ship-to-ship transfers of coal and refined petroleum products. The report claims to have identified new evasion techniques for such transfers including feeder vessels using Class B Automatic Identification Systems and multiple transfers using smaller vessels.

Prior to this, other reports have linked North Korea to major hacks at crypto exchanges such as the massive hack of Japan’s Coincheck exchange platform, which resulted in a theft of more than $500 million worth in cryptocurrency.

Most recently, it has been suggested that North Korean hackers have been targeting users of the UPbit exchange with phishing email campaign.

Upon being asked about the report, an U.S. State Department spokeswoman voiced her opinion on the matter:

“We call upon all responsible states to take action to counter North Korea’s ability to conduct malicious cyber activity, which generates revenue that supports its unlawful WMD and ballistic missile programs.”

Meanwhile, the U.N. Security Council held a closed-door meeting last week at the request of Britain, France and Germany, in order to discuss Pyongyang’s recent missile launches, and the three renewed the need to enforce U.N. sanctions.

Cryptocurrency Exchange Bitrue Falls Prey to Hack – Will Refund Users

Singapore-based cryptocurrency exchange Bitrue has suffered a major hack, losing around $4.2 million in user assets, mainly 9.3 million XRP and 2.5 million Cardano (ADA) from its hot wallet.

The exchange platform revealed the news in an official statement published on Twitter, stating that the hack had been identified at around 1 AM local time on June 27.

At the time of the breach, the stolen funds would have been worth over $4.5 million in XRP and $237,500 in ADA.

The exchange further explained that a single hacker initially exploited a vulnerability in the Risk Control team’s 2nd review process to access the personal funds of about 90 users,  and consequently used that to access the exchange’s hot wallet and steal the assets.

According to exchange, the hack had been quickly detected and the hacker’s activity suspended. In addition to that, Bitrue said it was working with the Huobi, Bittrex and ChangeNOW exchanges, which it credits with helping freeze the relevant transactions and associated accounts.

Following the hack, the platform issued a statement saying that user funds are insured and anyone who lost cryptocurrency would be refunded.

“First of all, please let us assure you that this situation is under control, 100% of lost funds will be returned to users, and we are reviewing our security measures and policies to ensure this does not happen again.”

In another tweet, Bitrue revealed it is currently conducting an emergency inspection of its systems and plans to return to live functionality again as soon as possible. It is expected that log-in and trading support re-launch sooner than withdrawals, which will remain offline for a longer period.

Early this year, Bitrue said it was also affected by a 51-percent attack on the Ethereum Classic cryptocurrency in which a hacker had tried to withdraw 13,000 ETC but claimed the attempted theft had been stopped by its system.

In order to remain transparent, the exchange has provided the public with a link which can trace the flow of funds on the XRP block explorer and has disclosed that it was working closely with the Singaporean authorities in identifying the perpetrator.

Prior to this attack, a reported total of seven crypto exchanges suffered large-scale hacking attacks within the first six months of this year, including the $40 million hack of top crypto exchange Binance.

Binance Exchange Suffers Security Breach Losing 7,000 Bitcoin

One of the largest cryptocurrency exchanges Binance has reported a “large scale” data breach in which unidentified hackers stole more than 7,000 Bitcoin (BTC) worth about $40 million.

Binance’s Security Breached

On May 7th, Binance issued a statement in which they announced that a “large scale security breach” had been identified and hackers withdrew 7,000 BTC worth about $40 million via a single transaction, marking this the latest in a long line of thefts in the digital currency space.

According to the exchange, the hackers used a “variety of techniques” including phishing and viruses to access user API keys, two-factor authentication codes and “potentially other info.” There may be additional accounts that have been affected but not yet identified, Binance said.

Respectively, the theft only impacted Binance’s BTC hot wallet and wiped out about 2% of the company’s total BTC holdings. The exchange assured that other wallets remained secure and unharmed.

CEO Changpeng Zhao has explained that “the hackers had the patience to wait, and execute well-prepared actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”7

User Funds Are Safe

Apparently, once the transaction was executed, it triggered internal alarms, and following the discovery Zhao froze all withdrawals. The announcement comes hours after Zhao tweeted that the exchange was undertaking some unscheduled server maintenance, saying that “funds are #safu.”

In a tweet linking to the post, Zhao said it was “not the best of days, but we will stay transparent,” further adding that the exchange will conduct a thorough security review. Accordingly, the review of the hack will take up to a week, during which time all deposits and withdrawals will remain suspended. However, trading will continue to be enabled to allow investors to adjust their positions.

Binance further cautions users that hackers may still control some user accounts and may “use those to influence prices in the meantime.”

Meanwhile, the exchange platform informed that it will use its Secure Asset Fund for Users – an emergency insurance fund – to cover all losses and as such no user funds will be affected by the breach.

The emergency fund is made up of 10% of all trading fees held by the exchange, and was initially established to protect Binance’s users in extreme cases. It is stored in its own cold wallet.

The Hacked Japanese Crypto Exchange Coincheck Has Reinstated Their Services

Japanese crypto exchange Coincheck has now returned and resumed its activities after suffering a security hack, reinstating services for all listed cryptos on its platform.

Coincheck became a victim of hackers back in January, as a result of their attack the exchange lost funds worth over $530 million in NEM tokens. The attack was later considered to be the biggest crypto theft in the history and resulted into increased regulatory scrutiny of crypto exchanges in the country. Subsequently, Monex Group, a Japanese online brokerage firm had acquired Coincheck for around $33.5 million following the hack.

Announced on Monday, it has been revealed that as of now Coincheck is resuming trading pairs for XRP and Factom (FCT) tokens.

The news of Ripple (XRP) and Factom (FCT) token trading means Coincheck is now operating services for all “tradable cryptocurrencies” on the platform. These include, aside from the two mentioned above: Bitcoin (BTC), Ethereum (ETH), Ethereum Classic (ETC), Litecoin (LTC), Bitcoin Cash (BCH), NEM (XEM), lisk (LSK). According to the report, two weeks ago Coincheck had resumed trading of NEM (XEM), the token which bore the brunt of its losses, while further functionality was restored at the end of October.

At the same time, the exchange has also started accepting new account signups for customers based in Japan, which had been previously suspended and blocked as regulator-mandated improvements at the exchange were underway.

Following this, the exchange seeks to resume several other features, which include leveraged transactions, Japanese yen depositing through convenience stores and a scheme that lets users pay power bills with crypto, according to its Monday announcement.

Last month, Coincheck reported a loss of $5.25 million (588 million Japanese yen) for the third quarter period (Q2 in the Japanese financial year) as a result of the hack. Currently, according to data taken from CoinMarketCap the exchange has assisted about $31 million in trading volume on its platform within the past 24 hours.