Upbit exchanges gets hacked according to a notification on the site. Upbit is a South Korean based cryptocurrency exchange that has grown exponentially in the past few years. It has expanded to the international market with an exchange branch in Singapore. Sometime in the previous days, $48 Million in Ethereum tokens was stolen by hackers. They moved the tokens from a hot wallet to an anonymous wallet address.
The company claims that the assets of their investors were safe. They even mentioned that they would refund the 342,000 ETH tokens would be replaced. However, as a security measure they have shut down the exchange deposits and withdrawal services. This will continue till damage assessment has been completed and the losses suffered reimbursed.
Hackers have been increasingly targeting exchanges as they provide higher stakes. If a hacker gets through, there is potentially millions to be gained by the breach. Wallets are stored on the internet making them more vulnerable than wallets stored on local drives. Very few investors keep their tokens offline because of the convenience of exchanging them easily. Upbit exchanges gets hacked for such a large amount because investors never withdrew their cryptocurrency to an offline location.
What is a hot wallet?
A hot wallet refers to a Bitcoin wallet that is online and connected in some way to the Internet. It is a term that refers to bitcoins that are not being kept in cold storage.
Bitcoin-related services and exchanges that are able to pay out withdrawals instantly can be said to be paying them from a “hot wallet”. The term can also be used loosely to refer to keeping bitcoins in an exchange where they can be withdrawn on demand. Its real-world analogy is keeping cash on person: easy access, but greatest risk of unrecoverable theft in the event of an attack.
Operating a “hot wallet” is also a risk to its owner, because most computer systems have hidden vulnerabilities of some sort that can eventually be used by hackers or malware to break into the system and steal the bitcoins.
Keeping large amounts of bitcoins in a hot wallet is a fundamentally poor security practice. Most, if not all of the Bitcoin losses incurred in all the known hackings in Bitcoin history can be attributed to funds kept in hot wallets.
Most reputable services offering Bitcoin withdrawal of some sort will keep a very limited number of bitcoins in a hot wallet to enable immediate withdrawals of small/typical amounts, but will require a delay and manual activity to process a larger withdrawal, as the bitcoins are retrieved from other storage.
From their website
Dear Upbit Investors,
This announcement is to clarify the reason for the unscheduled suspension of crypto-asset deposit/withdrawal.
First of all, we apologise for any inconvenience we have caused you.
At approximately 13:06 on November 27th, 2019 (KST), 342,000 ETH was sent from Upbit’s Ethereum hot wallet to an anonymous wallet address – 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.
We took immediate actions to protect your assets, and no investors’ assets were lost.
Actions include:
Suspensions of all crypto-asset deposits and withdrawals
Transfer of all crypto-assets to cold wallets. (Please note that all large-scale asset transfers following the ETH transfer was part of this process.)
In addition, Upbit will replace the 342,000 ETH with the company’s assets immediately.
We will announce again after the completion of this process.
Crypto-asset deposit and withdrawal will be enabled in approximately 2 weeks. We will notify you of the exact date once it is finalized.
We also promise to update you with any further developments.
Also, we ask for the crypto community’s support in blocking deposits from the anonymous address 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.
If you find out any information regarding to this suspicious transaction or the anonymous wallet, please report to us.