South Korea’s largest cryptocurrency exchange, Upbit, said it uncovered and repaired a serious flaw in its internal wallet system while investigating the recent $30 million theft from the platform.
In a statement released Friday, Upbit CEO Oh Kyung-seok disclosed that engineers identified a weakness in the exchange’s wallet software that could have allowed attackers to infer private keys by studying publicly available blockchain data.
According to the exchange, the issue may have produced weak or predictable signing data, creating the possibility that a sophisticated attacker could mathematically reconstruct wallet keys by analyzing historical transactions. “We identified and addressed the vulnerability during a comprehensive inspection of all related networks and wallet systems,” Oh said, adding that the company activated emergency response protocols and halted all withdrawals and deposits until systems were verified as secure.
The flaw did not stem from the blockchains themselves but from how Upbit’s wallet software generated cryptographic signatures.
Upbit emphasized that it has not established a direct link between the wallet vulnerability and the theft. The issue was discovered only during an internal audit triggered by the incident. “No security system can ever be considered perfect,” Oh said, pledging infrastructure upgrades and continued transparency as investigations continue.
The exchange confirmed that approximately 2.3 billion won ($1.5 million) in funds have already been frozen through coordination with external parties.
