Hackers begin moving ETH stolen in massive UPbit theft

Hackers begin moving ETH stolen in massive UPbit theft

Hackers believed to be responsible for the massive UPbit theft yesterday have begun moving the stolen coins. The 342,000 ETH loot has been split between four different addresses with smaller sums being sent to Binance and Huobi to test the exchange’s reaction.

Looking to cash out $50 million worth of ETH

UPbit, one of the largest South Korean cryptocurrency exchanges, fell victim to massive theft on Nov. 27 after unidentified hackers transferred 342,000 ETH out of the exchange’s hot wallet. The event, which was one of the largest recorded ETh thefts, raised questions about UPbit’s security and led many to wonder how the hackers will cash out their loot.

Ethereum‘s transparent ledger allows for easy tracking, which allowed UPbit to quickly locate the funds. However, the hackers split $50 million worth of coins into four different Ethereum addresses to make following the transactions harder.

Upbit Hack

Diversifying the funds didn’t do much good for the hackers, though, as security research firm Peckshield identified all four addresses and began closely monitoring the coins coming out of them. The company has been working directly with UPbit to help the exchange recover the stolen funds.

Out transactions from the wallet of Upbit Hacker.
Out transactions from the wallet of Upbit Hacker. Source: Etherscan

Peckshield co-founder Chiachih Wu said that several small transactions have been sent from the hacker’s addresses. A part of the stolen funds have reportedly been sent to Binance and Huobi accounts, but the small amounts in the transactions indicate that the hackers have been testing the waters to see whether the funds would get frozen after being deposited.

Exchanges say stolen funds will be frozen, but DEXs offer a workaround

Changpeng Zhao, the CEO of Binance, said that any stolen funds that end up on his exchange will be immediately frozen. Zhao added that Binance will work both with UPbit and other industry players to recover the funds.

However, Zhao noted that it will be almost impossible to stop the hackers from cashing out on Binance’s decentralized exchange. It doesn’t require users to register accounts or provide personal information in order to trade, which is why many expect the hackers to resort to Binance DEX.

Exchanges aren’t the only ones keeping a close eye on the funds—dozens of users have been sending micro-transactions and messages to the hacker’s wallets. A widespread dusting attack might, in theory, increase the odds of tracking the funds that come out of the hacker’s wallet.

While the eyes of the crypto community are pointed at the flagged wallets, UPbit said that all losses from the theft will be covered. The exchange said it will be fully operational in two weeks and that all users who lost funds in the hack should be reimbursed by then.

Posted In: , Analysis, Crypto Exchanges, Hacks, Trading
Invest with AMFEIX

Like what you see? Subscribe to CryptoSlate

Get our daily newsletter containing the top blockchain stories and crypto analysis straight to your inbox.

Sign up to stay informed
Priyeshu Garg

Priyeshu Garg

Crypto Analyst @ CryptoSlate

Priyeshu is a software engineer who is passionate about machine learning and blockchain technology. He holds an engineering degree in computer science engineering and is a passionate economist. He built his first digital marketing startup when he was a teenager, and worked with multiple Fortune 500 companies along with smaller firms. When he is not solving transportation problems at his company (Ola), he can be found writing about the blockchain or roller skating with his friends.

View author profile

Commitment to Transparency: The author of this article is invested and/or has an interest in one or more assets discussed in this post. CryptoSlate does not endorse any project or asset that may be mentioned or linked to in this article. Please take that into consideration when evaluating the content within this article.

Disclaimer: Our writers' opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.