
Upbit, South Korea’s largest cryptocurrency exchange, said it discovered and fixed a serious flaw in its internal wallet system during an investigation into the recent theft of $30 million from the platform.
Key points to remember:
- Upbit found and fixed a wallet flaw that could have exposed private keys, but did not confirm it was behind the $30 million hack.
- This breach cost around 44.5 billion won, while around 2.3 billion won has already been frozen.
- The exchange halted operations, transferred the funds to cold storage and committed to a full refund.
In a statement released Friday, Upbit CEO Oh Kyung-seok revealed that engineers identified a weakness in the exchange’s wallet software that could have allowed attackers to infer private keys by studying publicly available blockchain data.
However, the crypto company did not confirm whether the vulnerability played a role in the breach.
Upbit claims internal wallet bug may have exposed private keys
The flaw did not come from the blockchains themselves but from the way Upbit’s wallet software generated cryptographic signatures.
According to the exchange, the issue could have produced weak or predictable signature data, creating the possibility that a sophisticated attacker could mathematically reconstruct wallet keys by analyzing historical transactions.
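The statement does not say what made the signature data weak. As an added example (not Upbit's code or tooling), the check below assumes one well-known form of that weakness, the same per-signature nonce being used for two different messages, and shows how a wallet operator can audit its own signature history for it. It assumes 64-byte Ed25519 signatures (R || S), the scheme Solana uses; the function name, record layout and sample bytes are constructed for illustration.

```python
from collections import defaultdict

SIG_LEN = 64  # Ed25519 signature: 32-byte R (nonce commitment) || 32-byte S


def audit_signatures(records):
    """Flag nonce commitments (R) that one key used for more than one message.

    records: iterable of (signer_pubkey_hex, message_hex, signature_hex).
    A re-broadcast of the same message yields the same (R, S) pair and is
    not flagged; the same R over two different messages is.
    """
    seen = defaultdict(dict)  # (pubkey, R) -> {message: S}
    for pubkey, message, sig_hex in records:
        sig = bytes.fromhex(sig_hex)
        if len(sig) != SIG_LEN:
            raise ValueError(f"expected {SIG_LEN}-byte signature, got {len(sig)}")
        r, s = sig[:32].hex(), sig[32:].hex()
        seen[(pubkey, r)][message] = s

    findings = []
    for (pubkey, r), by_message in seen.items():
        if len(by_message) > 1:
            findings.append(
                {"pubkey": pubkey, "R": r, "messages": sorted(by_message)}
            )
    return findings


# Constructed sample data: placeholder bytes, not real keys or signatures.
KEY_A, KEY_B = "aa" * 32, "bb" * 32
R1, R2, R3 = "11" * 32, "12" * 32, "13" * 32
SAMPLE = [
    (KEY_A, "01", R1 + "21" * 32),
    (KEY_A, "02", R1 + "22" * 32),  # same key, same R, different message
    (KEY_A, "03", R2 + "23" * 32),
    (KEY_B, "04", R3 + "24" * 32),
    (KEY_B, "04", R3 + "24" * 32),  # identical re-broadcast, not a finding
]

if __name__ == "__main__":
    for finding in audit_signatures(SAMPLE):
        print("repeated R for key", finding["pubkey"][:8], finding["messages"])
```

A finding means the signing key should be treated as exposed and rotated, since the history it was computed from is public.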
“We identified and fixed the vulnerability during a comprehensive inspection of all networks and associated wallet systems,” Oh said, adding that the company activated emergency response protocols and halted all withdrawals and deposits until the systems were verified as secure.
Upbit shut down on-chain activity on November 26 after detecting abnormal outflows from its Solana-based hot wallets.
Affected tokens included SOL, ORCA, RAY and JUP, the exchange said. The assets were quickly moved to cold storage while forensic examinations began.
Losses totaled about 44.5 billion won ($30 million), including about 38.6 billion won ($26 million) in customer holdings.
The exchange confirmed that around 2.3 billion won ($1.5 million) in funds has already been frozen through coordination with external parties.
Upbit stressed that it had not established a direct link between the wallet vulnerability and the theft. The problem was only discovered during an internal audit triggered by the incident.
“No security system can ever be considered perfect,” Oh said, promising infrastructure upgrades and continued transparency as investigations continue.
The company said all affected users would be fully refunded using internal reserves. Withdrawals and deposits will remain suspended until final security inspections are completed.
South Korean investigation points finger at North Korean group Lazarus in Upbit hack
South Korean authorities opened an investigation and local reports cited early intelligence assessments linking the intrusion to the North Korean Lazarus Group.
The group has previously been linked to cryptocurrency thefts aimed at generating revenue for Pyongyang amid a persistent shortage of foreign currency.
Officials believe this time the hackers may have bypassed basic infrastructure by impersonating administrators or compromising internal accounts to authorize the withdrawal.
Upbit continues to work with law enforcement and blockchain projects to freeze and recover assets where possible, the exchange said.
The incident comes at a sensitive time for Upbit’s parent company Dunamu, which is preparing for a merger with South Korean internet giant Naver ahead of a possible public listing.
The post Upbit Discovers Critical Wallet Flaw Amid Investigation into $30 Million Hack appeared first on Cryptonews.


