In one of the biggest heists in the cryptocurrency arena, the Korean exchange Upbit was compromised on 27-Nov-2019, when a rogue entity transferred 342,000 ETH (estimated to be worth approximately 52 million US dollars, or 58 billion Won, at the time of the transaction) from the exchange’s hot wallets to a wallet under its own control. Initially, Upbit described the event as an “unusual withdrawal” in its press release, but it later admitted that it had been hacked. As is the norm after any major breach, Upbit suspended all deposits and withdrawals and transferred all assets from its hot wallets to cold wallets. The exchange announced that it would replace stolen customer assets with the company’s own assets.
The attack again raised many questions about the security of crypto exchanges. The primary one is how, even today, with the relative maturity of the crypto and blockchain sector and the hard lessons of the past, rogue actors can gain access to such astronomical amounts so easily, and why exchanges keep so much of their funds in hot wallets at all. However, Upbit has not publicly commented on the attack vector, so it is not known how the funds were accessed and transferred out without any hindrance or alarm from the exchange’s internal security systems.
Funds Dispersion and Attempts to Track
As of now, the attacker is continuing to disperse the stolen funds into multiple wallets in small amounts (currently over 50 accounts), in the hope of avoiding scrutiny and making it difficult for analysts and analytics platforms to track the movement of funds.
However, due to the open nature of the Ethereum platform, hiding the movement of funds is extremely difficult. The Ethereum tracking and analytics platform Etherscan has tracked the movement of the funds since the beginning and is assigning a specific marker to each account to which the attacker moves funds.
For instance, the first wallet where the…