South Korea’s largest cryptocurrency exchange, Upbit, found itself in the midst of a major security breach today as it mistakenly identified fake APT tokens as genuine and allowed these malicious actors to deposit a substantial amount of these tokens into multiple user accounts. The exchange has swiftly responded to the situation by calling on users who unknowingly sold the fraudulent tokens to request refunds and has taken the immediate step of suspending both deposits and withdrawals of APT.
The shocking incident has left the cryptocurrency community bewildered and raises pressing questions about the vulnerabilities within the crypto ecosystem. According to insights from blockchain analyst @definalist, the incident can be traced back to a critical failure in the verification process during the acceptance of APT coin deposits. In essence, all transactions of the same function were incorrectly recognized as the legitimate APT native tokens.
Under normal circumstances, the verification process should involve a thorough examination of the type arguments. For instance, when executing the function 0x1::aptos_account::transfer_coins, it should cross-reference the value of arguments[1] to ensure it complies with the expected conditions, such as type_arguments[0] being equal to 0x1::aptos_coin::aptosCoin.
However, in this case, the process did not differentiate between the legitimate APT tokens and the fake ones when executing the 0x1::aptos_account::transfer_coins function. Consequently, all APT ecosystem tokens sent to Upbit’s wallet were treated as native APT coins. This error created a situation ripe for exploitation.
Remarkably, the catastrophe was averted due to the scammers’ tokens having a 6-decimal precision, while the legitimate APT tokens maintain an 8-decimal precision. This subtle difference played a pivotal role in mitigating the potential losses incurred by Upbit users. If the fraudulent tokens had matched the precision of the native tokens, unsuspecting users could have received a staggering $25,000 instead of the actual $250, prompting mass sell-offs and catastrophic market disruption.
APT, known for its quirky “one coin, one apartment” meme popular in South Korea, has consistently been a significant player in the crypto market. Upbit, as the exchange with the largest spot trading volume for APT, has been at the forefront of facilitating these transactions. In the last 24 hours, Upbit’s APT spot trading volume reached an impressive $150 million, significantly surpassing Binance, which recorded a mere $32 million in the same period.
APT/KRW 1 hour chart on Upbit | Source: TradingView
As of the time of writing, APT is trading at $5.4, showing a resilient 5% increase in value over the last 24 hours, despite the recent security breach. This incident serves as a stark reminder of the importance of robust security measures in the cryptocurrency industry, as well as the need for vigilant oversight to safeguard user assets and maintain market integrity. Upbit, along with the broader crypto community, will undoubtedly be reviewing and strengthening their security protocols in the aftermath of this event, hoping to prevent such incidents from happening again in the future.
Source: https://azcoinnews.com/apt-token-scare-upbit-scrambles-to-secure-user-funds-after-fake-token-deposit.html
