South Korean exchange GDAC gas become the latest victim of a hack, with cybercriminals stealing a quarter of its reserves.
South Korean crypto exchange Gdac has been hacked and had nearly $13 million stolen from its hot wallet on Sunday.
The hackers took 61 BTC, 350.5 ETH, 10 million wemix token and $220k USDT.
— whalechart (@WhaleChart) April 10, 2023
The hackers infiltrated the exchange’s hot wallet on the morning of April 9, the exchange confirmed in a statement. They made off with 60.8 BTC, 350 ETH, 220,000 USDT, and 10 million WEMIX tokens; the digital assets accounted for 23% of GDAC’s total assets.
Immediately after it detected the hack, the exchange suspended all wallet services and reported the incident to the police, the Korea Internet & Security Agency, and the Korea Financial Intelligence Unit (KoFIU).
GDAC also called on asset issuers and DeFi and CeFi exchanges to freeze the assets.
Wemix Network, whose native token WEMIX was among the stolen assets, was the first to respond. The team claimed to follow the developments and would act accordingly, although it didn’t indicate whether it would be freezing the stolen assets.
According to blockchain analytics platform BlockSec, the hacker quickly converted all the USDT he stole into ETH and then laundered the Ether through Tornado Cash, the controversial Ethereum-powered coin mixing service. He reportedly also bridged the stolen WEMIX tokens to Ethereum.
The South Korean exchange #GDAC announced that its hot wallet was hacked on April 8 (UTC), and the value of lost assets were ~13M USD.
On Ethereum, the hacker swapped all 220k $USDT for Ether and laundered all 461 Ether into @TornadoCash.
On WEMIX, after stealing 10M… pic.twitter.com/KQCvAaMVIJ
— MetaSleuth (@MetaSleuth) April 11, 2023
Yet another blockchain sleuth ruled out the leaking of GDAC’s private keys as the genesis of the hack. First, all the stolen BTC was not transferred directly to the attacker’s address: “If the attacker has the private key, he can withdraw all funds to his own address.” Second, over 750,000 WEMIX tokens remain on the GDAC withdrawal wallet address: A leaked private key would have seen the wallet swept clean.
As CoinGeek reported, digital asset hacks surged in Q1, with over 70 hacks recorded in the three months ending March 31. This was almost triple the 25 hacks recorded in a similar period last year. Worryingly, over 99% of the hacks were on DeFi platforms.
Watch: Sentinel Node Blockchain Tools to Improve Cybersecurity
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.