Despite some of them have advanced security measures, cryptocurrency exchange platforms remain one of the hackers’ favorite targets. As reported by digital forensics specialists, Upbit, a South Korean-based crypto exchange platform, has been the victim of a cyberattack that led to the theft of 342k Ethereum units, equivalent to $48.5M USD at current exchange rate.
Rumors about the incident began circulating on Tuesday’s early hours; a couple of hours later, Lee Seok-woo, CEO of Upbit, confirmed the theft via a statement posted on the platform’s website: “Around 13:06 (local time) this Tuesday, November 27, were transferred 342,000 ETH from the Upbit Ethereum hot wallet (term referring to an Internet-connected cryptocurrency wallet) to an unknown address,” the statement says.
The Upbit website also shows a screenshot with the address to which the assets were transferred; so far those responsible for the attack have not made any operation in this online wallet, experts in digital forensics say. (photo)
The exchange platform ensures that any Ethereum replacements arising from this incident will be funded, so affected users must remain in communication with the company to learn about their digital assets recovery process.
As a security measure, Upbit digital forensics team mentioned that all platform assets have been transferred to their cold wallets (a term used to refer to cryptocurrency wallets that are not connected to the Internet, so they are safe from cyberattacks) at least until they can ensure that the threat has been eliminated.
It is important to note that, while a hot wallet is a software-based virtual asset storage implementation (usually through mobile apps or computer programs), cold wallets are hardware-based implementations, so they can be maintained offline while not being used, so a threat actor would require physical access to these resources to try to steal them.
The investigation will remain ongoing for at least the next two weeks. In the meantime, all operations on Upbit are suspended. The platform strongly asks its users to refrain from sending cryptocurrencies until further notice.
A few days ago, digital forensics specialists at the International Institute of Cyber Security (IICS) reported a cybersecurity incident related to the Monero cryptocurrency. One user noticed that when downloading a 64-bit Linux binary to work with this virtual currency, the SHA256 hash did not match the one displayed on the official website. After an internal investigation, the team behind Monero determined that the file had been altered by a malicious user with the intention of stealing some units from the virtual asset.
As a security measure, the platform recommended to its users who downloaded this file to verify the hashes of the binary, in addition to deleting them and downloading them again in case of detecting any anomalies. Although the incident was detected in time, there appear to have been cryptocurrency thefts arising from this incident, although until now Monero has not revealed further details.