Upbit Discovers Security Breach Involving Fake APT Tokens

South Korea’s largest cryptocurrency exchange, Upbit, is facing a significant security breach that has rattled the cryptocurrency community. The breach came to light when Upbit detected a fraudulent deposit on its platform, where scammers had successfully presented a fake coin as the legitimate Aptos (APT) token.

Extent of the Upbit Breach

The breach became apparent when Upbit’s system mistakenly identified the fake coin as APT, allowing a bot to deposit a substantial quantity of counterfeit tokens into numerous user accounts. The scale of the breach is staggering, impacting an estimated 100,000 accounts, all of which held APT deposits.

Notably, the total value of the fake APT tokens amounted to an astonishing $3.4 billion, making it one of the most significant cryptocurrency security breaches in recent history. There were also reports of numerous Korean users claiming they received APT tokens without initiating the transactions themselves.

Immediate Action by Upbit

In response to the breach, Upbit swiftly took action to safeguard its users. They suspended APT deposits and withdrawals, citing the need for wallet system maintenance.

⚡️How did such a huge and foolish incident occur?

– It seems that during the process of reflecting $APT coin deposits, there was a failure to check the type arguments, and all same functions transfers were recognized as the same APT native token.
– Under normal circumstances,… https://t.co/CvDgTdqnGl pic.twitter.com/8gEx5YnOLH
— Definalist (@definalist) September 24, 2023

In a statement to users, the exchange explained,

Due to the maintenance of the Aptos (APT) wallet system, we are suspending the Aptos (APT) deposit and withdrawal service. We will resume deposits and withdrawals once the maintenance is complete, and we will update the service resumption through this notice.

Investigation by Crypto Specialist

South Korean crypto specialist and co-founder of TUNABOT, “Mingmingbbs,” played a key role in uncovering critical details about the breach. His investigation revealed that the fake APT tokens were not the native Aptos Network coin but rather a fraudulent token named “ClaimAPTGift.” The issue arose because Upbit’s system did not properly check the type of coins being transferred, mistakenly treating all coins as the same APT token.

Upbit Surpasses Coinbase and OKX in Spot Trading Volume in July

Normally, it should have checked specific conditions, like whether the coins matched a certain type. Fortunately, a disaster was averted because the scammer’s token had a different decimal system (6) than the real one (8), preventing users from receiving $25,000 instead of $250, which could have caused “significant disruption.”

Market Response

Despite the incident, investors have shown resilience with APT prices surging just over 5% over the past 24 hours, currently trading at $5.42. Many have dismissed the news as typical FUD (Fear, Uncertainty, Doubt).

Ex-SEC Lawyer John Reed Stark Urges DOJ to Take Action Against Crypto Scammers

Hong Kong to Publicly Disclose Crypto License Applicants Following JPEX Investigations