As Cointelegraph contributor Joseph Young tweeted on Nov. 27:
“The ‘hacker’ timed when UPbit was making crypto transfers to its cold wallet (other alts like TRON, etc.). Hence, I think the probability of it being an inside job is higher than external breach.”
Hacker’s timing was advantageous
As Cointelegraph reported, the incident was confirmed in an official statement published earlier today, which read:
“At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won) were transferred from the Upbeat Ethereum Hot Wallet to an unknown wallet. Unknown wallet address is 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.”
In its statement, the exchange emphasized that it deemed the 342,000 ETH transaction to be the only irregular transaction on the ledger, alluding to a number of other large-scale transfers that it said were related to the exchange moving assets between hot and cold storage wallets.
As data published by large-scale crypto transaction tracker Whale Alert has revealed, the 342,000 ETH transaction was followed by a series of major transfers of Tron (TRX) and BitTorrent (BTT) tokens.
Screenshot of @whale_alert Twitter feed, Nov. 27. Source: @whale_alert
Taking Upbit’s statement about cold storage transfers at face value, Young has argued for the strong possibility than an exchange employee took advantage of the timing of the storage transfers to perpetrate the theft.
Upbit today pledged to cover all user assets with corporate funds and exchange deposits and withdrawals will reportedly take at least two weeks to resume.
Markets react to exchange hack
Binance CEO Changpeng Zhao has tweeted that the exchange will “work with Upbit and other industry players to ensure any hacked funds that may make their way to Binance are immediately frozen.”
As Cointelegraph previously reported, the theft of 14 billion won ($13 million) in cryptocurrency from major South Korean cryptocurrency exchange Bithumb was believed by executives to be the work of an insider.