Apology statement issued in the name of CEO Oh Kyung-seok
An Upbit advertisement installed at a subway station in Seoul on the 28th. Yonhap News
Dunamu, the operator of South Korea’s largest virtual asset exchange, ‘Upbit’, issued an apology under the CEO’s name over a hacking incident that caused more than 40 billion won in asset losses.
On the 28th, Dunamu CEO Oh Kyung-seok posted an apology on the Upbit website, stating, “We deeply apologize for causing concern to our members due to the cyber intrusion,” and “There is no excuse for this breach, which was due to inadequate security management at Upbit.”
He continued, “Upbit conducted a comprehensive inspection immediately after detecting abnormal withdrawals from our Solana-based wallet the previous morning,” adding, “We discovered and addressed a security vulnerability whereby analyzing multiple Upbit wallet transactions publicly available on the blockchain could allow inference of the private key (a kind of password that allows access to a blockchain wallet address and assets).”
According to Dunamu, the losses identified by Upbit amount to about 44.5 billion won, of which around 5.8 billion won was the company’s loss. Member losses total around 38.6 billion won, of which 2.3 billion won has been frozen. Oh said, “We reiterate that member losses have been fully covered with Upbit’s own assets.”
Oh added, “We have activated a company-wide emergency response system and are re-examining the entire security system related to this breach,” and “We will do our utmost to strengthen our security framework and provide a safer service.”
On the 27th, a hacking incident occurred at Upbit in which part of assets on the Solana network worth 44.5 billion won were transferred to wallet addresses not designated internally. Following a report by Upbit, security inspections are underway by the financial authorities and the Korea Internet & Security Agency (KISA).
In the security industry, the hacking group ‘Lazarus’ under North Korea’s Reconnaissance General Bureau is being mentioned as the likely culprit. Lazarus has been identified as a group involved in the theft of Ethereum worth 58 billion won stored at Upbit on November 27, 2019, exactly six years ago.
