- Upbit’s security breach led to a large deposit of fake $APT tokens on the crypto exchange.
- A decimal difference between the fake and real Aptos token prevented an enormous cryptocurrency security breach.
South Korea’s biggest crypto exchange, Upbit, has resumed Aptos trading and withdrawals after fixing a security breach affecting thousands of users.
On September 24th, Upbit suspended the trading and withdrawal of Aptos tokens after detecting a counterfeit deposit on its platform.
The scammer exploited a breach in the crypto exchange’s security system, which failed to verify the source code of the token.
An X (formerly Twitter) user explained the source of the breach.
“It seems that during the process of reflecting $APT coin deposits, there was a failure to check the type arguments, and all same functions transfers were recognized as the same APT native token,” The Co-founder of TunaBot said to Definalist, an X user.
The fake token was traced to a newly created airdrop scam on ClaimAPTGift.com. The counterfeit $APT token was suspected to be part of an airdrop scam designed to lead unsuspecting users to phishing websites. Coindesk reported that about 400,000 Aptos wallets had received the fake $APT tokens.
The security violation impacted 100,000 Upbit accounts. Several Upbit Korean customers claimed that they received unsolicited $APT tokens. As a result of the incident, some Upbit users were able to sell the fake Aptos tokens. However, Upbit’s customer care team has begun to request a refund from customers who sold fake Aptos tokens.
While the security breach signifies a considerable setback for South Korea’s largest crypto exchange, a closer review showed how a decimal difference prevented a more prominent market disruption.
The co-founder of Tuna Bot shared a technical review of the incident.
“Fortunately, amidst the misfortune, the scammer’s token had a 6 decimal, while the native token had a decimal of 8, so a major disaster was averted. If the scam token had a decimal of 8, all users would have received $25,000 instead of $250, leading to thousands of users dumping $25,000 worth of APT, causing significant disruption,” Twitter user MingmingBBS, the co-founder of TunaBot, explained.
It is interesting how the difference in a token decimal draws the line between a disruptive security violation and a minor one.
A few hours after the substantial deposit attempt of fake Aptos tokens, Upbit suspended the trading and withdrawals of Aptos temporarily on its platform. The crypto exchange carried out a wallet inspection and fixed the breach.
On Sunday evening, trading and withdrawal of Aptos tokens resumed on the crypto exchange.
“Aptos (APT) deposit and withdrawal service has been resumed after the Aptos (APT) wallet system has been inspected and deposit/withdrawal stability has been confirmed. The action against the abnormal deposit attempt has been completed, and there is no problem with your Aptos transaction,” The customer care center of the exchange revealed this in a statement.
However, the crypto exchange informed users of possible delays with withdrawals.
