TL;DR
- Binance Response: The exchange managed to freeze only 17% of the stolen Solana that investigators had flagged, roughly $75,000, and confirmed the action 15 hours after investigators’ urgent request.
- Upbit Security: In direct response to the hack, Upbit’s operator, Dunamu, increased cold wallet storage to 99% of customer assets, surpassing South Korea’s legal requirement of 80%.
- WeChat Breach: Binance co-CEO Yi He’s abandoned WeChat account was hijacked and exploited to promote scam token Mubarakah, netting attackers about $55,000.
Korean authorities are raising alarms over Binance’s limited intervention in the recent Upbit hack, in which Binance froze only 17% of the stolen Solana that investigators had flagged. The delay and scale of the freeze have sparked criticism from security experts, who argue that rapid action is essential in preventing large-scale losses. The incident has also intensified scrutiny of Binance’s broader security posture, especially as its new co-CEO Yi He faced a separate account hijacking scandal.
Investigators Question Binance’s Limited Freeze
Authorities reported that hackers stole 44.5 billion won, about $30 million, from Upbit’s Solana hot wallet. Investigators urgently asked Binance to freeze 470 million won, roughly $370,000, traced to the attackers. However, Binance froze only 80 million won, about $75,000, representing 17% of the flagged assets. The freeze was confirmed 15 hours after the request, a delay that analysts say allowed attackers to disperse funds across more than a thousand wallets using token bridges and swaps.
Security Experts Call for Global Coordination
Critics argue Binance’s hesitation undermined efforts to contain the breach. Cho Jae-woo of Hansung University’s Blockchain Research Institute emphasized that decisive freezes are vital to prevent cascading losses. He suggested the creation of a global emergency hotline or coordinated authority capable of imposing immediate freezes during crises. Analysts noted that despite complex laundering tactics, most stolen tokens eventually flowed into Binance service wallets, making its intervention crucial.

Upbit Tightens Asset Protection
In response, Upbit operator Dunamu announced that 99% of customer assets will now be stored in cold wallets, up from 98.33% in October. This exceeds South Korea’s legal requirement of 80% cold storage. The move aims to minimize hot wallet exposure after the hack, which highlighted vulnerabilities in real-time asset management. Investigators continue to probe possible links to North Korea’s Lazarus Group, known for sophisticated cyberattacks targeting crypto exchanges.
Binance Faces Separate WeChat Hijack Incident
Adding to Binance’s troubles, co-CEO Yi He revealed her long-abandoned WeChat account was hijacked and used to promote a scam token called Mubarakah. Attackers inflated its price and profited about $55,000 before Binance regained control with WeChat’s help. The breach echoed a similar compromise of Justin Sun’s account weeks earlier. Security experts warned that China’s practice of reissuing unused mobile numbers increases risks of SIM-linked exploits, urging crypto leaders to adopt stricter digital hygiene.