Upbit falls victim to fraudulent deposit incident
South Korea’s top crypto exchange, Upbit, has fallen victim to a fraudulent deposit incident, throwing its operations into chaos.
On Sept. 24, Upbit reportedly halted the depositing and withdrawal of Aptos (APT) tokens after discovering that some of them were fake.
Apparently, an unknown entity managed to deposit counterfeit coins, which Upbit’s systems erroneously recognized as APT tokens, into the exchange. Consequently, fake coins — identified as “ClaimAPTGift” — were disseminated into several unspecified accounts.
The information was first made public by “Definalist,” an X account run by several South Korean crypto traders.
Amazing Korean exchange upbit incident today
1. The Largest S.Korean exchange @Official_Upbit , abruptly halted Aptos’ deposits and withdrawals, citing a wallet system maintenance without any specific reason
2. Various Korean users have posted authentication claiming that they… pic.twitter.com/OjfCwhB4eV
— Definalist (@definalist) September 24, 2023
The aftermath of this event has been marked by confusion and uncertainty. According to Korean web3 news outlet Web3 Builders, Upbit, unsuspecting of the counterfeit deposit, allowed the trading of the fake coins, which had a total value of $3.4 billion, affecting an estimated 100,000 account holders.
Per the report, the exchange is now scrambling to rectify the situation, reaching out to those who traded the fake coins and soliciting their return.
You might also like: Hong Kong police arrest 11 people in ongoing JPEX crypto investigation
In response to the incident, Upbit issued a statement suspending the deposit and withdrawal service of APT. The exchange has also reportedly embarked on a rigorous process of engaging the affected users via telephone calls, explaining the situation, and requesting the return of the fake coins.
Looking ahead, Web3 Builders has suggested that efforts are underway to track down the individuals responsible for the counterfeit coin deposit. Given South Korea’s stringent Know Your Customer (KYC) regulations in the crypto market, it is likely that the culprits will be apprehended and face charges.
Definalist also shared a possible explanation offered by a co-founder of the TunaBot chatbot of how the scammers managed to get the fake APT tokens into the Upbit system.
⚡️How did such a huge and foolish incident occur?
– It seems that during the process of reflecting $APT coin deposits, there was a failure to check the type arguments, and all same functions transfers were recognized as the same APT native token.
– Under normal circumstances,… https://t.co/CvDgTdqnGl pic.twitter.com/8gEx5YnOLH— Definalist (@definalist) September 24, 2023
According to the co-founder, who goes by the X handle @mingmingbbs, the incident arose due to a technical oversight during the deposit process of the APT token. A fault in the system caused it to recognize every function as the same APT token. Apparently, it meant any coin from the Aptos ecosystem sent to Upbit’s wallet was erroneously treated as an APT native coin.
However, a serious crisis was averted due to the fake token having six decimals, unlike the native Aptos token’s eight. In @mingmingbbs’s estimation, had the fake token also used the 8-decimal system, thousands of users would have flooded the market with the inflated APT, wreaking havoc on the exchange.