Upbit, South Korea’s largest cryptocurrency exchange and the 24th largest in the world by trading volume, is dealing with a major security crisis after a significant breach involving the Aptos (APT) token.
The security breach became apparent on Sunday morning when Upbit’s system mistakenly identified a counterfeit token as APT, permitting a bot to deposit substantial quantities of fake tokens into various user accounts.
The incident impacted approximately 100,000 accounts, all of which contained APT deposits, making it one of the most significant cryptocurrency security breaches in recent memory. The total value of the counterfeit APT tokens amounted to $3.4 billion.
Meanwhile, many Korean users also reported receiving APT tokens without initiating the transactions themselves.
Immediate Action by Upbit
In response to the breach, Upbit took swift action to protect its users by suspending APT deposit and withdrawal services, citing the need for maintenance on the wallet system. They said,
“We are suspending Aptos (APT) deposit and withdrawal services due to maintenance of the Aptos (APT) wallet system. We will resume deposit and withdrawal services once the maintenance is completed and will update you through this announcement when the service resumes.”
Subsequently, the cryptocurrency exchange stated that Aptos (APT) deposit and withdrawal services had been resumed after the Aptos (APT) wallet system had been inspected and deposit/withdrawal stability had been confirmed. It also stated that the action against the abnormal deposit attempt had been completed and that there were no problems with users’ Aptos transactions.
How Did It Happen?
A South Korean crypto expert, “Definalist,” played a crucial role in shedding light on the breach. According to their investigation, the counterfeit APT tokens were not genuine Aptos Network tokens but rather fraudulent tokens bearing the ticker name “ClaimAPTGift.”
Amazing Korean exchange upbit incident today
1. The Largest S.Korean exchange @Official_Upbit , abruptly halted Aptos' deposits and withdrawals, citing a wallet system maintenance without any specific reason
2. Various Korean users have posted authentication claiming that they… pic.twitter.com/OjfCwhB4eV
— Definalist (@definalist) September 24, 2023
They further explained that the issue arose from Upbit’s system failing to verify the type of transferred tokens and processing all tokens as the same APT token. Typically, the system should have conducted specific checks to ensure tokens matched a particular type.
However, disaster was averted because the scammer used a different decimal system for the token, which prevented users from receiving $25,000 instead of $250, an outcome that could have been catastrophic.
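The missing check described above, shown as an added example (not Upbit's code): a deposit handler that books every incoming coin as APT next to one that credits only the exact APT coin type and quarantines everything else. The `Deposit` record, the function names, the fake coin's address and its 6 decimals are assumptions made for illustration; `0x1::aptos_coin::AptosCoin` and 8 decimals are the real APT coin type and precision.

```python
from dataclasses import dataclass
from decimal import Decimal

# Canonical APT coin type on Aptos; 1 APT = 10**8 octas.
APT_COIN_TYPE = "0x1::aptos_coin::AptosCoin"
APT_DECIMALS = 8

@dataclass(frozen=True)
class Deposit:          # hypothetical, simplified view of an on-chain deposit
    account: str        # exchange user the deposit address maps to
    coin_type: str      # fully qualified type of the coin that moved
    raw_amount: int     # integer amount in the coin's smallest unit

def credit_naive(dep: Deposit) -> Decimal:
    """The flaw described above: every deposit is booked as APT."""
    return Decimal(dep.raw_amount) / (10 ** APT_DECIMALS)

def credit_checked(dep: Deposit) -> Decimal:
    """Book a deposit only when the coin type is exactly the APT type."""
    if dep.coin_type != APT_COIN_TYPE:   # strict match: anything else fails closed
        raise ValueError(f"rejected: unexpected coin type {dep.coin_type!r}")
    if dep.raw_amount <= 0:
        raise ValueError("rejected: non-positive amount")
    return Decimal(dep.raw_amount) / (10 ** APT_DECIMALS)

def process(deposits):
    """Return (credits, quarantined); rejected deposits are kept for review."""
    credits, quarantined = {}, []
    for dep in deposits:
        try:
            credits[dep.account] = credits.get(dep.account, Decimal(0)) + credit_checked(dep)
        except ValueError as err:
            quarantined.append((dep, str(err)))
    return credits, quarantined

# Constructed sample data; the fake coin's address and module are placeholders.
FAKE_TYPE = "0xFAKE_PLACEHOLDER::claim::ClaimAPTGift"
SAMPLE = [
    Deposit("user-1", APT_COIN_TYPE, 250_000_000),  # 2.5 real APT
    Deposit("user-2", FAKE_TYPE, 1_000_000),        # fake coin, 6 decimals (constructed)
]

if __name__ == "__main__":
    print("naive credit for fake coin:", credit_naive(SAMPLE[1]), "APT")
    print("checked:", process(SAMPLE))
```

The naive path converts the fake coin's raw units with APT's precision, which is why a mismatch in decimals changes the size of the bogus credit but does not prevent it.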