Korean Authorities Press Binance Over Slow Response to Upbit Hack Asset Freeze
Key Takeaways:
- South Korean law enforcement agencies have raised concerns about Binance’s delayed response to Upbit’s request to freeze stolen assets. This came after the world’s largest crypto exchange only froze 17% of the funds that belonged to the Upbit hack.
- Last month, Upbit suffered a major security breach that affected its Solana wallets, resulting in approximately $36.8 million in assets being stolen from the platform. The hackers divided the loot into smaller portions, which were then transferred to at least a thousand wallets through token mixers and other networks to obscure the trail.
- Approximately $370,000 worth of assets landed on Binance on the day of the hack. However, the exchange only froze $75,000 of that total, citing internal policy. Binance only made the move to freeze the funds 15 hours after Upbit’s initial request.
- Security experts are now calling for regulators to impose banking-style liability and no-fault rules on crypto exchanges, and to establish a global hotline or agency that would be authorized to take immediate action during a crisis.
South Korean police said Binance only froze a small portion of the crypto assets stolen from Upbit, the country’s largest and most liquid crypto trading platform, that were moved through the platform.
This has called into question the response times and potential vulnerabilities in cryptocurrency platforms’ cooperation with law enforcement agencies amidst ongoing investigations.
Binance Freezes Just 17% of Upbit Hack Funds That Landed On Its Exchange, Angering South Korean Authorities
On November 27, Upbit suffered a major security breach that resulted in the unauthorized transfer of approximately $36.8 million in Solana-based assets, including SOL, USDC, and other tokens. Security analysts noted that the hacking group behind the operation targeted the exchange’s Solana wallets and executed an elaborate laundering strategy that quickly moved the stolen funds across more than a thousand wallets.
The hackers repeatedly broke down the funds into smaller denominations before moving them through multiple chains and token bridges to obscure the trail. Most of the assets were swapped for ETH to leverage Ethereum’s market liquidity and depth.
Upbit immediately initiated emergency security protocols, including halting all transactions, conducting a comprehensive post-mortem, and communicating with law enforcement and blockchain security firms to trace and freeze the stolen assets. The company even launched a bounty offering 10% of the recovered assets as a reward for assistance.
The exchange has since moved all of its assets to cold storage, and committed to fully reimbursing affected users from its cooperate reserves.
On the day of the attack, roughly $370,000 worth of assets landed on Binance-linked wallets, with the transaction confirmed by the exchange. Both Upbit and the South Korean police requested that Binance execute an immediate freeze, but the exchange only froze about $75,000 of the total amount, arguing that additional verification was required before taking any further action.
Binance only froze the assets 15 hours after Upbit’s initial request, and when questioned by the media about the delay, the company declined to address specifics, citing its policy around ongoing investigations. This incident has shed light on the legal gaps that persist in the crypto space, as existing laws do not mandate exchange accountability in the event of a hack.
Industry Experts Call on Regulators to Toughen Exchange Compliance Laws, Recommending Banking-Style Rules
However, Binance’s response was not welcomed by South Korean industry experts. Cho Jae-woo, director of the Blockchain Research Institute at Hansung University, stressed that rapid intervention is needed to minimize the damage caused by hacks. He argued that oftentimes, exchanges cite litigation risks as an excuse for hesitating during critical moments.
Jae-woo also called for establishing a global emergency hotline between crypto exchanges or a coordinated agency that would be empowered to impose immediate fund freezes in a crisis, where time is crucial.
Lee Chan-jin, governor of the Financial Supervisory Service (FSS) of South Korea, has called for the implementation of bank-grade liability and no-fault rules for crypto exchanges to strengthen investor protections.
Upbit Moves 99% of Customers’ Assets to Cold Storage, Far Above Legal Limit
Upbit has since moved 99% of its customer assets into cold storage, initiating one of the strongest responses yet by a leading crypto exchange. Dunamu, the company that operates Upbit, said the exchange will eventually zero its exposure to hot wallets. South Korean regulations require that 80% of digital assets belonging to customers be stored offline, putting Upbit’s allocation far above the legal limit.
Before November’s hack, the exchange had already been holding over 98% of its customer funds in cold storage, and it has since taken significant steps to improve its security protocols. As of December 8, the exchange managed to recover approximately $1.77 million of the stolen funds, which were frozen across different platforms.
Meanwhile, authorities have ramped up their search for the rest of the assets, with reports linking the operation to the notorious North Korean hacking group, Lazarus. The incident has intensified scrutiny on the security of crypto exchanges and could lead to stricter regulations in the country, such as mandatory proof-of-reserves, enhanced incident reporting, and broader cybersecurity oversight.
Also Read: Binance Adds New Trading Pairs for Trump Family’s USD1 Stablecoin
Crypto & Blockchain Expert