South Korea’s leading cryto exchange says hackers stole 342,000 ETH from its “hot wallets” linked to the internet.
While the theft marks another big plunder in the crypto world, the firm’s management says it will cover the losses, worth an estimated $52 million, up from $49 million at the time of the theft.
According to the announcement,
“At approximately 13:06 on November 27th, 2019 (KST), 342,000 ETH was sent from Upbit Korea’s Ethereum hot wallet to an anonymous wallet address – 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.
We took immediate actions to protect your assets, and no investors’ assets were lost.”
Trading on the exchange is still permitted but all deposits and withdrawals are frozen for two weeks.
As the crypto community speculates on the likelihood of the Upbit hack being an inside job, blockchain analysts are tracking the stolen Ethereum, which is already on the move to new wallets. Since the Ethereum network is open and public, anyone is able to view the new addresses containing the digital assets. A quick search on Blockchain.info shows that the receiving wallet now has a balance of $9.12, at time of writing, following several smaller transfers.
The stolen ETH is split among four new addresses, according to Peckshield researcher Chiachih Wu, with the hacker apparently trying to cash out on an exchange.
#UpbitHack Hacker is testing @HuobiGlobal now pic.twitter.com/0iAGxXXClY
— cwu.eth (@chiachih_wu) November 28, 2019
The chief executive officer of leading crypto exchange Binance says he is working to make sure the hackers do not cash out through the popular trading platform.
We will work with Upbit and other industry players to ensure any hacked funds that may make their way to Binance are immediately frozen.
Stay #SAFU
— CZ ? BNB (@cz_binance) November 27, 2019
Meanwhile, a theory that the hack was an inside job designed to thwart Upbit’s tax obligations has sparked controversy.
Writes Twitter user Jeff Paik,
“Heard an interesting conspiracy that exchanges hack themselves to avoid taxes. Korean Tax Service told Bithumb to pay $30m tax in June 8, 2018. -> Bithumb got hacked $35m 12 days later.
Upbit was ordered to pay 50-60m tax in Jan 8, 2019. -> Upbit got hacked 50m today.”
Responds Zack Voell, a technical writer at Blockstream and a former researcher at crypto analysis firm Messari,
“This makes total sense. The reasoning would go something like: “Sure, after announcing the ‘hack’, we might lose dozens or even hundreds of customers (maybe more!), but hey, we don’t have to pay taxes! Worth it.”
The hack coincides with this week’s passage of a bill by South Korea’s national policy committee to establish a new regulatory framework for cryptocurrencies.
The new framework would require crypto businesses in South Korea to register with the Financial Services Commission’s (FSC) Financial Intelligence Unit (FIU), obtain an Information Security Management System certificate from the state-run Korea Internet and Security Agency, and conduct regular reporting. The requirements are designed to enforce anti-money laundering regulations and to make the industry more transparent.
Given the latest hack, however, security of consumers’ funds remains a critical challenge. According to local media outlet Yonhap News, Upbit has reported damages to police authorities and the Internet Agency (KISA), and a joint investigation is underway.
While a report by Korea Joongang Daily, prior to the hack, declared that cryptocurrency is one step closer to being legitimate in Korea, Yonhap News suggests rising concerns.
An industry official says,
“We are sensitive to security issues arising ahead of the parliament’s passage of the special bill amendment, which is the first step in the enactment of regulations for cryptocurrency exchanges.”