South Korea’s largest cryptocurrency exchange, Upbit, is facing a significant security breach that has rattled the cryptocurrency community. The breach came to light when Upbit detected a fraudulent deposit on its platform, where scammers had successfully presented a fake coin as the legitimate Aptos (APT) token.
Extent of the Upbit Breach
The breach became apparent when Upbit’s system mistakenly identified the fake coin as APT, allowing a bot to deposit a substantial quantity of counterfeit tokens into numerous user accounts. The scale of the breach is staggering, impacting an estimated 100,000 accounts, all of which held APT deposits.
Notably, the total value of the fake APT tokens amounted to an astonishing $3.4 billion, making it one of the most significant cryptocurrency security breaches in recent history. There were also reports of numerous Korean users claiming they received APT tokens without initiating the transactions themselves.
Immediate Action by Upbit
In response to the breach, Upbit swiftly took action to safeguard its users. They suspended APT deposits and withdrawals, citing the need for wallet system maintenance.
In a statement to users, the exchange explained,
Due to the maintenance of the Aptos (APT) wallet system, we are suspending the Aptos (APT) deposit and withdrawal service. We will resume deposits and withdrawals once the maintenance is complete, and we will update the service resumption through this notice.
Investigation by Crypto Specialist
South Korean crypto specialist and co-founder of TUNABOT, “Mingmingbbs,” played a key role in uncovering critical details about the breach. His investigation revealed that the fake APT tokens were not the native Aptos Network coin but rather a fraudulent token named “ClaimAPTGift.” The issue arose because Upbit’s system did not properly check the type of coins being transferred, mistakenly treating all coins as the same APT token.
Normally, it should have checked specific conditions, like whether the coins matched a certain type. Fortunately, a disaster was averted because the scammer’s token had a different decimal system (6) than the real one (8), preventing users from receiving $25,000 instead of $250, which could have caused “significant disruption.”
Despite the incident, investors have shown resilience with APT prices surging just over 5% over the past 24 hours, currently trading at $5.42. Many have dismissed the news as typical FUD (Fear, Uncertainty, Doubt).