Upbit, South Korea’s largest cryptocurrency exchange, has become a victim of a scandal that is significant enough to lead the exchange to bankruptcy. On September 24th, Upbit realized that a significant portion of the Aptos (APT) tokens deposited into the exchange were fake. Following the incident, Upbit announced the suspension of APT deposit and withdrawal transactions.
According to allegations, unidentified attackers managed to bypass Upbit’s systems and successfully deposit fake crypto assets disguised as APT tokens. Subsequently, these fake assets, referred to as “ClaimAPTGift” in the contract, spread to several accounts trading on the exchange. The South Korean data analysis protocol, Definalist, first brought this situation to public attention.
Following the incident, both the exchange team and investors were left confused and uncertain. According to Web3 Builders, a South Korean news source, Upbit, without suspecting any fraudulent transactions, facilitated the trading of fake tokens that affected an estimated 100,000 account holders and had a total value of $3.4 billion.
In an effort to resolve the situation, Upbit officials are working to identify the individuals responsible for the fake token swaps and requesting refunds. After these developments, Upbit released a statement announcing the suspension of Aptos transactions. The exchange officials also reached out to affected investors, explaining the situation and initiating the process of reclaiming the fake tokens.
Web3 Builders claimed that efforts are underway to trace the individuals responsible for the fraudulent deposit of fake assets. The news source highlighted the strict regulations in South Korea’s cryptocurrency market and added that given the Know Your Customer (KYC) regulations, catching the culprits is a matter of time. Definalist also shared a statement from the co-founder of TunaBot chatbot, explaining how the scammers managed to introduce fake crypto assets into the exchange system.
According to the co-founder, who posted under the username “mingming” on X, the incident was revealed due to a technical observation during the deposit process. A system error caused the fake tokens to be recognized as genuine APT tokens. In other words, each crypto asset sent from the Aptos ecosystem to the Upbit wallet was evaluated as APT by the Upbit system, and the attackers took advantage of this vulnerability to carry out a billion-dollar heist.
The fact that the fake asset had a six decimal system, unlike the eight decimal system of APT, and Upbit quickly noticed this discrepancy, prevented a major crisis. According to an estimate made through Definalist, if the fake token had an eight decimal system, thousands of investors would have suffered losses, leading to the bankruptcy of Upbit.