Scams

South Korea's Upbit discovered a critical wallet software vulnerability while investigating a $30 million theft. The exchange identified a defect that could potentially expose private keys through blockchain data analysis. Upbit has suspended operations and pledged full reimbursement to affected users, though no direct link between the flaw and the November 26 breach has been confirmed.

South Korea's National Police Agency has opened an investigation into unauthorized withdrawals of approximately $36.9 million in Solana network assets from Upbit, the country's largest cryptocurrency exchange. Authorities are examining possible links to North Korea's Lazarus Group, a state-affiliated entity previously connected to multiple cryptocurrency thefts. Upbit has suspended all deposit and withdrawal services and moved remaining assets to cold storage.

South Korean cryptocurrency exchange Upbit discovered a critical vulnerability in its wallet software while investigating a breach that resulted in approximately $30 million in losses. The flaw enabled the generation of predictable cryptographic signatures, theoretically allowing attackers to derive private keys through blockchain transaction analysis. The exchange has patched the vulnerability and committed to compensating all affected users from company reserves.

Balancer has initiated a reimbursement program to return approximately $8 million to liquidity providers affected by a November exploit of its v2 pools. Whitehat hackers and internal teams recovered funds across Polygon, Ethereum, Base, and Arbitrum networks. The protocol will distribute recovered assets following KYC verification, with whitehat contributors receiving a 10% bounty.

South Korean cryptocurrency exchange Upbit identified a critical security flaw in its internal wallet system that could have allowed attackers to derive private keys from publicly visible blockchain transaction data. The vulnerability was discovered during an emergency audit following a $30 million theft on November 27. The exchange has not confirmed whether the flaw was directly exploited in the breach, but has committed to covering all customer losses using its own reserves.

South Korean cryptocurrency exchange Upbit disclosed unauthorized withdrawals on the Solana network affecting $36 million worth of digital assets. The breach involved 24 tokens including SOL and USDC. Parent company Dunamu pledged complete customer reimbursement and froze assets totaling approximately 2.3 billion KRW while temporarily suspending withdrawals for affected tokens.

Balancer community members have proposed distributing $8 million in recovered funds to users affected by a $116 million exploit in November. The plan allocates compensation proportionally based on Balancer Pool Token ownership in exploited pools. Victims would receive reimbursement in the original stolen assets rather than converted equivalents.

Balancer has outlined a plan to distribute approximately $8 million in recovered assets to liquidity providers affected by a November vulnerability that led to losses exceeding $128 million. Six white hat actors secured roughly $3.86 million during the incident, with bounties capped at $1 million per operation and requiring identity verification. The proposal establishes a 180-day claim window, after which unclaimed assets will be subject to governance decisions.

A Chrome extension called Crypto Copilot embeds hidden transfer instructions into Solana swaps executed through Raydium, siphoning 0.05% or at least 0.0013 SOL per transaction to an attacker-controlled wallet. The extension appeared on the Chrome Web Store in mid-2024 and markets itself as a tool for instant SOL trading from X feeds. Cybersecurity researchers from Socket's Threat Research Team identified the malicious behavior, which remains concealed from users during transaction confirmation.

South Korean cryptocurrency exchange Upbit lost approximately $30.4 million from its Solana hot wallet in a security breach on November 28. Security researchers identified operational patterns consistent with the Lazarus Group, a hacking collective linked to North Korea. Parent company Dunamu pledged full reimbursement from corporate reserves, while cold wallet systems remained secure.