South Korea’s Upbit Faces Counterfeit Token Incident

Upbit, the premier cryptocurrency exchange in South Korea, recently encountered an incident involving counterfeit deposits, leading to operational disruptions.

On September 24, a temporary stop was placed on both deposit and withdrawal transactions of Aptos (APT) tokens by Upbit, following the detection of several forged tokens.

A mystery individual or group successfully deposited these imitation coins, which were mistakenly identified as legitimate APT tokens by Upbit’s systems. These false tokens, labeled “ClaimAPTGift,” were subsequently distributed to multiple undisclosed accounts.

South Korean cryptocurrency traders, collectively operating the account “Definalist,” were the first to reveal this occurrence to the public.

Amazing Korean exchange upbit incident today

1. The Largest S.Korean exchange @Official_Upbit , abruptly halted Aptos' deposits and withdrawals, citing a wallet system maintenance without any specific reason

2. Various Korean users have posted authentication claiming that they… pic.twitter.com/OjfCwhB4eV
— Definalist (@definalist) September 24, 2023

The repercussions of this incident have left many in a state of bewilderment. Korean digital news platform Web3 Builders reported that Upbit, unaware of the fraudulent tokens, facilitated trading involving these tokens, which amounted to a staggering $3.4 billion and impacted an estimated 100,000 account holders.

Currently, efforts are being made by Upbit to resolve the ensuing complications, including establishing communication with the affected parties to recover the counterfeit tokens.

Reacting to the situation, Upbit announced a halt in the deposit and withdrawal operations involving APT tokens. Reports suggest that Upbit is intensively reaching out to impacted users via phone, apprising them of the circumstances and urging the return of the counterfeit tokens.

Web3 Builders hints at the ongoing initiatives to pinpoint the perpetrators behind the introduction of the fake tokens. With the strict implementation of Know Your Customer (KYC) regulations in South Korea’s crypto domain, it seems probable that those responsible will soon be identified and held accountable.

The Definalist account further disclosed insights from a TunaBot chatbot co-founder regarding the potential method employed by the wrongdoers to infiltrate the Upbit system with the spurious APT tokens.

⚡️How did such a huge and foolish incident occur?

- It seems that during the process of reflecting $APT coin deposits, there was a failure to check the type arguments, and all same functions transfers were recognized as the same APT native token.
- Under normal circumstances,… https://t.co/CvDgTdqnGl pic.twitter.com/8gEx5YnOLH
— Definalist (@definalist) September 24, 2023

The co-founder, identified by the username @mingmingbbs, attributed the mishap to a glitch during APT token’s deposit procedure. Due to the flaw, the system indiscriminately acknowledged every function as an authentic APT token. Essentially, this meant any token from the Aptos network sent to Upbit’s wallet was mistakenly accepted as the native APT coin.

However, a major catastrophe was narrowly avoided since the counterfeit token had a six-decimal configuration, in contrast to the original Aptos token’s eight-decimal setup. In the words of @mingmingbbs, if the phony token had been designed with an 8-decimal structure, a massive influx of the inflated APT tokens by numerous users might have severely destabilized the exchange.