Upbit, which is among the top four cryptocurrency exchanges in Korea, has lost 342,000 Ethereum (ETH) in a hack. This is the equivalent of $52 million as of this writing.
Whale Alert, an account on Twitter which tracks major movements of cryptocurrency, was the first to spot the hack. Whale Alert is typically used by traders as a tool to predict market movements, but is also useful for tracking significant crypto exchange hacks apparently.
Upbit claims that it will replace the 342,000 stolen Ethereum (ETH) with its own assets immediately, although it is unclear if this will actually happen since Upbit has relatively low liquidity of less than $1 million according to CoinMarketCap.
In any case, Upbit has moved all funds from hot wallets into cold wallets, and all deposits and withdrawals have been suspended. Supposedly deposits and withdrawals will open again in approximately two weeks, but until then all Upbit users will have no access to their funds.
Upbit has asked other crypto exchanges and companies to block all deposits from the hacker’s Ethereum (ETH) address. For now all of the funds remain in the address, including an additional 0.0585 Ethereum (ETH) from people sending transactions of 0.00001337 Ethereum (ETH) into it, with 1337 meaning elite in gamer talk.
At this point blockchain forensics firms are certainly scrambling to track down the hacker and recover the funds. There have been cases in the past where partial funds from a hack have been recovered, from other exchanges freezing funds connected to a hack, but there is no precedent for a hacker actually being tracked down and the funds surrendered in full.
Basically, the best thing Upbit and blockchain forensics firms can do is follow the coins and wait for them to end up on another cryptocurrency exchange, and then seize them. That might not ever happen though if the hacker is patient and intelligent.
Upbit will have to report to South Korea’s Internet and Security Agency, and it remains to be seen how the government will respond. South Korean cryptocurrency exchanges have been absolutely plagued with major hacks, and there has been plenty of speculation that North Korea is behind the hacks.