Upbit hacked

[Baofeng]

Here are the reasons for suspension of cryptocurrency deposit and withdrawal service and emergency server check.
Posted on November 27, 2019 17:56 | Views 42988
I am Lee Seok-woo, CEO of Doo-myeon who operates Upbit.

First of all, I apologize for any inconvenience this may cause to you.

At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won) were transferred from the Upbeat Ethereum Hot Wallet to an unknown wallet.
Unknown wallet address is 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029

As soon as we confirmed this, we started responding.

Upbeat responds as follows to protect members' assets.

To ensure that your assets are harmed, 342,000 ETH transferred to unknown wallets will be covered by upbit assets. We're working on it, and I'll tell you as soon as I'm done.
All cryptocurrencies in Hot Wallet have been transferred to Cold Wallet.
It is estimated that it will take at least two weeks for the deposit and withdrawal to resume. I'll tell you again when this is done.
Ethereum is the only trade out of the bulk transactions, and the rest of the bulk trades have moved all cryptocurrencies in Hot Wallet to Cold Wallet.

If there are any other changes, I will tell you again.

Lastly, the exchange manager who handles cryptocurrency asks you to prevent deposits from the Ethereum address where the abnormal withdrawal has occurred. Please report to Upbit Customer Center.

Report to Upbit Customer Center (open 24 hours)
Representative of the cedar tree

https://upbit.com/service_center/notice?id=1085

So it looks like we have another bad news in the market, as Upbit has officially admitted that they have lost 342,000 ETH (around < $50 million if my math is correct). So brace yourself for another downside because of this news.

https://etherscan.io/address/0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029

[Bttzed03]

This is what happens when exchanges feel so confident with their internal security and keeping a lot of held assets in their hot wallet.

Funds are not safu on all centralized exchanges. I don't know how many times we should be reminded of this.

It's good that Upbit has enough assets to cover the hacked amount. If it was others, they would have shutdown like what happened to Cryptopia.

[gentlemand]

ANOTHER Korean hack? Do they all have DPRK agents embedded in them who siphon stuff off whenever the wallets are looking particularly healthy? My guess is that every exchange operator over there is permanently drunk.

[TGD]

A 50M$ worth of ETH will not gonna affect that much the whole crypto market since it will not be sold by the hacker in one time or else they might caught  up.
The only scenario that I can see right now for that news, Is ETH will dump more due to FUD of this news even though there will be no massive dumping from the hacker.
This might be the reason why BTC recently revisit the 6.9k level but already recover now.

[Yaunfitda]

If my memory serves me right, this is not the first time that Upbit was hacked. Or it was targeted by the North Koreans in the past, so I'm sure they should have known better. Anyways, there are reports surfacing that there are some sort of Signs Point to Inside Job in Upbit Crypto Exchange Hack, Says Commentator.

https://twitter.com/iamjosephyoung/status/1199625442312908801?s=20

The "hacker" timed when UPbit was making crypto transfers to its cold wallet (other alts like TRON, etc.)

Hence, I think the probability of it being an inside job is higher than external breach.

No details are certain for now. Will continue to update.

[Palider]

This is bad news especially as it is a centralized exchange that should know what to do to further protect their protection against hackers.

So it is always the reminder of experts that we should not give full trust to centralize exchanges especially since it is prone to hacking incidents.

[rosezionjohn]

That amount is no joke for any company, Upbit will have to shutdown sooner or later if these hacks keeps on happening to them. Another one of the many proofs that no system is safe.



It's nice to see etherscan have this


A small way of helping inform the community who frequently use etherscan. It may also make it harder for the hacker to sell

[milewilda]

This is what happens when exchanges feel so confident with their internal security and keeping a lot of held assets in their hot wallet.

Funds are not safu on all centralized exchanges. I don't know how many times we should be reminded of this.

It's good that Upbit has enough assets to cover the hacked amount. If it was others, they would have shutdown like what happened to Cryptopia.

When i do hear out that SAFU thing, i do directly think off about Binance.lol.

Its odd that they do held off that big amount on a hotwallet yet we know that majority of top tier exchangers would really keep big allocation of entire balance on an offline.
Good thing that they would cover the hacked amount. Does anyone have any thoughts about for this to be an inside job?

[stompix]

Oh, so this caused the dip in the morning?

ANOTHER Korean hack? Do they all have DPRK agents embedded in them who siphon stuff off whenever the wallets are looking particularly healthy? My guess is that every exchange operator over there is permanently drunk.

Hahaha:

In December 2018, Upbit became the first cryptocurrency exchange in the world to receive certifications from the Korea Internet and Security Agency for Information Security Management System (ISMS)[citation needed] and the International Organization for Standardization (ISO) for information security (ISO 27001), cloud security (ISO 27017) and cloud privacy (ISO 27018).[9]

So this was a certified for everything exchange and the first of it's kind.
It took less than a year to lose 50 million (!?)
And yet people are still keeping their funds in shadier and far smaller exchanges which have nowhere near the financial backing to repay the customers if a hack or a "hack" happens.

When i do hear out that SAFU thing, i do directly think off about Binance.lol.

I'm always thinking of this:
https://www.youtube.com/watch?v=DelF6zEHXpE

[PrimeNumber7]

This is what happens when exchanges feel so confident with their internal security and keeping a lot of held assets in their hot wallet.

I think they most probably are displaying fake volumes. I don’t know how much they have in cold storage but if the volume displayed is correct, they were holding about two days worth of trading volume in their hot wallet. At 0.002% commission, this works out to over three years of what they would earn in trading fees on ETH based pairs.

If it was late 2017, it might make sense to have that much in their hot wallet, but not today with volume having declined as much as it did.

[The Sceptical Chymist]

To ensure that your assets are harmed

I would LOL at this if it weren't so un-funny.  That's a fuckton of ETH to just disappear in one fell swoop, and I'm probably not the only one who's suspicious about this--but we'll see what happens.

Oh, so this caused the dip in the morning?

Don't know if you're referring to ETH or bitcoin, but bitcoin jumped since last I checked it and is sitting above $7500 right now.  I wouldn't expect any particular coin to be reacting to this hack and bitcoin in particular has proven to be resilient in the face of exchanges going kablooey.

I think they most probably are displaying fake volumes.

I don't know if that's true or false, but it wouldn't surprise me.  I've heard lots of stories about exchanges, especially smaller ones, inflating their trading volume to make it look like they're way more successful than they actually are--or at least I'm assuming that's the reason for it. 

Anyway, this shit never ends.  Either the security of these exchanges is really piss-poor or they're stealing their customers' funds and claiming they got hacked.  I'll be very interested to see how this all plays out.

[coupable]

I think they most probably are displaying fake volumes.

Infortunetly, there is no way to prove this with 99% shitcoins in the Market. This lead to ask how centralised (regulated) exchanges are managed? What i mean in simple words is that a regulated company shouldn't face such a funny cases. I can't understand why/how they can't explain the fact. Something or someone who have access to the hot wallet keys should be the first suspect , when upbit is asking community to block the suspected address and help to find the stealer !

If you find out any information regarding to this suspicious transaction or the anonymous wallet, please report to us.

So it is always the reminder of experts that we should not give full trust to centralize exchanges especially since it is prone to hacking incidents.

Don't give full trust to anything, especially The Exchanges. Even those we called Decentralised .

[PrimeNumber7]

I think they most probably are displaying fake volumes.

I don't know if that's true or false, but it wouldn't surprise me.  I've heard lots of stories about exchanges, especially smaller ones, inflating their trading volume to make it look like they're way more successful than they actually are--or at least I'm assuming that's the reason for it. 

Anyway, this shit never ends.  Either the security of these exchanges is really piss-poor or they're stealing their customers' funds and claiming they got hacked.  I'll be very interested to see how this all plays out.

Upbit has a history of allegedly inflating its trading volumes, and even had some of its executives indicted for doing so.

One problem with saying that 'smaller exchanges' often inflate their volume is the exchanges who inflate their volume are trying to make their exchange appear to be larger than it really is, by a factor of sometimes thousands.

I think they most probably are displaying fake volumes.

Infortunetly, there is no way to prove this with 99% shitcoins in the Market.

You can look at what happens to the volume when there are large moves in the market, and you can check for patterns such as indications that a large part of an exchange's customer base is sleeping (and not trading).


This is not the first time Upbit has been hacked, under suspicious circumstances.

[1Referee]

So it is always the reminder of experts that we should not give full trust to centralize exchanges especially since it is prone to hacking incidents.

How many exchanges have been 'hacked' thus far? Too many to remember every individual exchange, that's for sure. It taught people absolutely nothing.

Some don't want to take care of their own storage whatever the reason might be, and others purposely keep their coins on an exchange because they want to sell as fast as possible whenever they panic. This is far worse than "trusting" banks with your fiat. Right now people are "trusting" shady and incompetent exchange operators with their precious Bitcoins.

On top of that, it's yet another Asian exchange. It can't be considered coincidence anymore. Asian exchanges are structurally flawed, and so are their operators.

[Bttzed03]

This is what happens when exchanges feel so confident with their internal security and keeping a lot of held assets in their hot wallet.

I think they most probably are displaying fake volumes. I don’t know how much they have in cold storage but if the volume displayed is correct, they were holding about two days worth of trading volume in their hot wallet. At 0.002% commission, this works out to over three years of what they would earn in trading fees on ETH based pairs.

If it was late 2017, it might make sense to have that much in their hot wallet, but not today with volume having declined as much as it did.

Assuming what you said is true and that they are trying to make their exchange look bigger than what it actually is, we will know sooner or later if they can really refund the losses without going into bankruptcy and liquidation. The fact still remains that those 342K eth were move out from their hot wallet though.

When i do hear out that SAFU thing, i do directly think off about Binance.lol.

Can't blame you 

Does anyone have any thoughts about for this to be an inside job?

It could be. There is always that possibility.

[stompix]

Oh, so this caused the dip in the morning?

Don't know if you're referring to ETH or bitcoin, but bitcoin jumped since last I checked it and is sitting above $7500 right now.  I wouldn't expect any particular coin to be reacting to this hack and bitcoin in particular has proven to be resilient in the face of exchanges going kablooey.

In the morning (GMT+1 time) it dropped to 6878 and then a few hours later it jumped back above 7200 and to 7500



Of course, it was a small one but it was also a small "hack" 

[gentlemand]

https://ihodl.com/topnews/2019-11-28/stolen-ethers-upbit-are-being-transferred-huobi/

The ETH is off to Huobi according to that. How many instances of stolen crypto being frozen and returned by exchanges have there been? You rarely seem to hear much about it.

[PrimeNumber7]

https://ihodl.com/topnews/2019-11-28/stolen-ethers-upbit-are-being-transferred-huobi/

The ETH is off to Huobi according to that. How many instances of stolen crypto being frozen and returned by exchanges have there been? You rarely seem to hear much about it.

It is unusual for large amounts of stolen coin to get transferred to exchanges because hackers know the risk of the deposit being confiscated.

It is typical for hackers to send small amounts to various exchanges to see if they can successfully process a withdrawal, or to send stolen coin to various mixers in small batches if any exist. I believe the majority of coin stolen from large businesses in large heists ends up idol. 

[squatter]

https://ihodl.com/topnews/2019-11-28/stolen-ethers-upbit-are-being-transferred-huobi/

The ETH is off to Huobi according to that. How many instances of stolen crypto being frozen and returned by exchanges have there been? You rarely seem to hear much about it.

Apparently, those were just small test transactions. The hacker sent some tiny deposits to both Huobi Global and Binance but as of a few hours ago:

342k #ETH from #UpbitHack are split into multiple addresses.  Fortunately, no large xfer into exchanges so far.

I'd assume in many cases that the money is never returned. A lot probably depends on how quickly the attacker moves, since exchanges don't have the right to indefinitely freeze customer assets. That's why Binance says they'll only freeze funds for up to 24 hours -- by which time there must be a filed police report and law enforcement officials working with the exchange. After that, they release the funds.

Smart hackers will immediately be moving the funds through false verified accounts to quickly wash the proceeds. The hack outputs will be publicly tagged, but any outputs laundered through other exchanges won't be. I think this is pretty tough to stop in real time, but the longer the hacker waits around and lets the money sit, the more worthless it becomes.

[Lanatsa]

https://ihodl.com/topnews/2019-11-28/stolen-ethers-upbit-are-being-transferred-huobi/

The ETH is off to Huobi according to that. How many instances of stolen crypto being frozen and returned by exchanges have there been? You rarely seem to hear much about it.

Wondering on how much of those ETH being transferred on big exchangers would be held up.  Hacker is impatient too much and no matter how he do split up those coins it would really be still hot in the eyes of the community.