South Korea's GDAC Hacked

According to the South Korean cryptocurrency exchange on Monday, hackers stole approximately 23% of digital assets stored in GDAC's hot wallet. GDAC's Chief Executive Officer, Seunghwan Han, confirmed the attack in a statement posted on the company's website on Monday.

GDAC was founded in 2018 and is owned by Streami Inc., a fintech firm focused on creating blockchain technology and digital asset-related services. The exchange has promoted its “Proof of Real Trade” method as a means of preventing market manipulation and ensuring that trade volumes are accurate. Traders are required to validate their transactions using a mobile application that records and verifies transaction data under this scheme.

Han disclosed in the statement that the stolen custodial assets include 60.8 Bitcoin, 350.5 ETH, 10 million WEMIX tokens, and 220,000 USDT. According to the prices of the respective digital assets on CoinMarketCap as of April 10, 2023, the amount of stolen digital assets was $1.7 million, $652.8 million, $11.8 million, and $220,000 million, respectively. This resulted in a total loss of $14.2 million.

Han explained that the hack occurred around 7 a.m. on Sunday, and the stolen cryptocurrencies were transferred to an unidentified wallet. As a result of the incident, the CEO stated that the exchange had suspended and blocked access to its wallet system and servers.

The exchange also stated that the incident had been referred to the police for a cyber investigation. According to the statement, the company also reported the incident to the Korea Internet and Security Agency (KISA). Furthermore, the cryptocurrency exchange reported the hack to the Korea Financial Intelligence Unit (FIU). The FIU is the Korean government agency in charge of coordinating the country's anti-money laundering and counter-terrorism financing regime.

Regarding GDAC's activities, Han stated that the company is seeking collaboration from asset issuers, exchanges, and decentralised finance managers in order to freeze assets or deposit funds from the address where the withdrawal occurred.

Han further elaborated in Korean that the company is now doing its best by collaborating with a variety of organisations. He also admitted that the resumption of deposit and withdrawal is facing some obstacles at the moment with the ongoing investigation.

In response to the news, the WEMIX Foundation dissociated itself from the attack, stating that all foundation and community assets on its network are secure.

“This incident has had no effect on the quantity and condition of Foundation-managed WEMIX, as well as the security and safety of the platforms, DApp services, and smart contracts,” the Foundation noted.

The Foundation, on the other hand, stated that it had taken actions to assist GDAC in tracing the stolen digital assets, including barring deposits and transfers from suspect wallets on all global exchanges where WEMIX tokens are listed. It has also notified WEMIX bridge service providers, Multi-chain and Orbit Bridge, to tighten security procedures.

The Foundation noted that liquidity offered for Uniswap V3 via the WEMIX-USDC pair had been temporarily withheld to prevent liquidity depletion caused by fraudulent transactions and that its staff would do its utmost to minimise the potential negative impact on the WEMIX community and investors.

Meanwhile, according to recent Chainplay data, over $30 billion has been lost to crypto-related crime in the last ten years. According to the business, cybercrime reached an all-time high in 2022, with USD$12 billion taken in 436 attacks.