South Korean cryptocurrency exchange Upbit has informed customers that a cyberattack has led to the theft of $48.5 million in cryptocurrency.
On Wednesday, Upbit suspended its deposit and withdrawal service, saying in a statement that 342,000 in Ethereum (ETH), approximately $48.5 million at the time of writing, had been stolen from the Upbeat Ethereum hot wallet to a previously unknown wallet address.
According to Lee Seok-woo, chief executive of Doo-myeon -- the operators of Upbit -- the attack took place at 1:06 pm KMT today.
The wallet in question shows a total of 17 transactions, and at the time of publication, the reportedly stolen ETH remains in storage.
The executive has promised that Upbit assets will cover the stolen funds and customers will not be impacted beyond an estimated two-week timeframe for deposit and withdrawal services to resume.
Any remaining cryptocurrency in the exchange's hot wallet has been transferred to a hardware-based cold wallet storage system that is not connected to the Internet.
However, the "abnormal transaction" has raised questions. The prevalence of attacks against cryptocurrency exchanges means that it is not recommended that so many coins are kept in hot storage and potentially accessible by threat actors, and no information has been released on how the alleged cyberattack took place.
On Reddit, some users have questioned the authenticity of the hack claim, which is no surprise given how often exchanges will say they have suffered a cyberattack, only to perform an exit scam.
Previous and related coverage
- Cryptocurrency executives charged with running $11 million Ponzi scheme
- Researchers invent cryptocurrency wallet that eliminates 'entire classes' of vulnerabilities
- InnfiRAT malware lurks in your machine to steal cryptocurrency wallet data
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0