Hackers begin moving ETH stolen in massive UPbit theft

Hackers believed to be responsible for the massive UPbit theft yesterday have begun moving the stolen coins. The 342,000 ETH loot has been split between four different addresses, with smaller sums being sent to Binance and Huobi to test the exchanges’ reaction.

Looking to cash out $50 million worth of ETH

UPbit, one of the largest South Korean cryptocurrency exchanges, fell victim to a massive theft on Nov. 27 after unidentified hackers transferred 342,000 ETH out of the exchange’s hot wallet. The event, which was one of the largest recorded ETH thefts, raised questions about UPbit’s security and led many to wonder how the hackers will cash out their loot.

Ethereum’s transparent ledger allows for easy tracking, which allowed UPbit to quickly locate the funds. However, the hackers split $50 million worth of coins into four different Ethereum addresses to make following the transactions harder.

Diversifying the funds didn’t do much good for the hackers, though, as security research firm Peckshield identified all four addresses and began closely monitoring the coins coming out of them. The company has been working directly with UPbit to help the exchange recover the stolen funds.

Out transactions from the wallet of Upbit Hacker. Source: Etherscan

Peckshield co-founder Chiachih Wu said that several small transactions have been sent from the hacker’s addresses. Part of the stolen funds has reportedly been sent to Binance and Huobi accounts, but the small amounts in the transactions indicate that the hackers have been testing the waters to see whether the funds would get frozen after being deposited.

Exchanges say stolen funds will be frozen, but DEXs offer a workaround

Changpeng Zhao, the CEO of Binance, said that any stolen funds that end up on his exchange will be immediately frozen. Zhao added that Binance will work both with UPbit and other industry players to recover the funds.

However, Zhao noted that it will be almost impossible to stop the hackers from cashing out on Binance’s decentralized exchange. It doesn’t require users to register accounts or provide personal information in order to trade, which is why many expect the hackers to resort to Binance DEX.

Exchanges aren’t the only ones keeping a close eye on the funds—dozens of users have been sending micro-transactions and messages to the hacker’s wallets. A widespread dusting attack might, in theory, increase the odds of tracking the funds that come out of the hacker’s wallet.

While the eyes of the crypto community are pointed at the flagged wallets, UPbit said that all losses from the theft will be covered. The exchange said it will be fully operational in two weeks and that all users who lost funds in the hack should be reimbursed by then.
