Following the Bybit hack, in which virtual assets worth about 2 trillion won were stolen, major domestic virtual asset exchanges have moved to emphasize how their cold wallet operations differ and how safe their security systems are. The exchanges said they are re-examining their own security systems and taking every measure to strengthen operational security.
━
Upbit says it has already experienced the North Korean Lazarus attack... "Maintained zero incidents for 6 years"
According to industry sources on the 24th, major domestic virtual asset exchanges operate cold wallet systems that differ from Bybit's. In particular, Upbit, which had about 58 billion won worth of Ethereum (ETH) stolen by the North Korean hacking group Lazarus in 2019, emphasized that it has significantly strengthened its security since then. Lazarus is also suspected of being behind the recent Bybit hack.
An Upbit official said, "Since the ETH theft incident in 2019, we have rebuilt the wallet system for all virtual assets and reorganized our internal security policies." He added, "We are directly responsible for managing investors' virtual assets without third-party entrustment, and we are operating hot wallets in a distributed manner and managing the holding ratio to be below a certain amount. Thanks to these efforts, there has not been a single theft incident since 2019."
Bithumb, the second-largest exchange, conducted an analysis of the impact on its own system immediately after the Bybit hacking incident. Bithumb said, "We have adopted a different cold wallet withdrawal operation method from Bybit, and have confirmed that there is no impact from this incident."
Coinone said, "We already have advanced security policies and systems in place," and "We have conducted a re-examination in relation to the Bybit incident and plan to strengthen the system if necessary."
Korbit expressed confidence in its strict security policies. Korbit said, "We are conducting our own signing in a completely physically separated (Air-Gapped) environment," and "Unlike Bybit, which uses an external solution called safe.global, we have a more stringent operational policy."
━
Not a technical vulnerability in cold wallets, but an operational loophole... Attackers targeted the developer's system with malware
Industry experts assessed the Bybit hack as a sophisticated attack that targeted operational loopholes, not technical vulnerabilities in the cold wallet. One security expert explained, "The attackers hacked the system of the developer responsible for transferring funds from the cold wallet to the hot wallet, and maliciously changed the transfer address."
According to the experts, the attackers are suspected of having used 'packing'. Packing is a technique that conceals or compresses malware so that security systems do not detect it. With it, the attackers were able to manipulate the transaction information displayed on the devices of the responsible staff, disguise it as a normal transaction, and steal the signing data.
Korbit said, "As seen in the Bybit hacking, we are paying attention to the increasing attacks on operational loopholes rather than technical vulnerabilities," and "We are re-examining the device security, security training, and network separation of each employee."
Cold wallets are considered much more secure than hot wallets because they keep the security keys for virtual assets on an offline storage device, which blocks hacking attempts. However, on the 20th (local time), about $1.5 billion (about 2.1421 trillion won) worth of virtual assets was stolen from Bybit's cold wallet. Bybit promised to compensate customers for all of their assets.
That day, Bybit CEO Ben Zhou said on X, "We have filled in the leaked Ethereum (ETH), and will soon release a new asset reserve proof (POR) report using the Merkle tree method to prove that customer assets are stored 1:1."
- Reporter Yeri Do