Cryptocurrency exchange UPbit announced today that it lost almost US$50 million worth of ether (ETH) in an apparent security breach.
According to this statement by Lee Seok-woo, the CEO of the exchange’s operator Dunamu, around 342,000 ETH were moved from the platform’s ‘hot wallet’ to this unrecognized wallet today shortly after 1 p.m. local time. Client funds were not affected, said the South Korea-based cryptocurrency exchange.
The incident was also noted on Twitter by Whale Alert, a service that tracks major cryptocurrency transactions.
UPbit said that, in the wake of the incident, it moved all virtual coins to cold wallets. Cold-storing is a method used for the long-term storage of cryptocurrencies offline in order to reduce the likelihood of funds being stolen. By contrast, hot wallets are connected to the internet and are used to carry out transactions.
The exchange has also halted all deposits and withdrawals and said that, in order to protect its clients’ virtual funds, the transactions will remain suspended for two weeks. The exchange said that it will cover the loss from its own funds. Additional details are scarce; notably, there’s no word on how the theft is thought to have taken place.
Launched two years ago, UPbit went on to become one of South Korea’s largest cryptocurrency exchanges. Just months ago, its users were targeted in a phishing campaign with a fake giveaway used as the pretense. Weeks earlier, another major South Korean cryptocurrency exchange, Bithumb, lost up to US$20 million worth of digital money in a suspected inside job.
Indeed, recent years have seen a string of cyberattacks against the infrastructure of providers that cater to virtual currencies and their users, including high-profile thefts of people's virtual money. Recent ESET research, too, discovered a range of mobile apps aimed at parting people from their cryptocurrency assets.