Upbit briefly suspends Aptos withdrawals following security incident
Users of the Korean exchange reported unauthorized deposits of what appeared to be Aptos tokens in their Upbit accounts
Ricky Of The World/Shutterstock, modified by Blockworks
South Korea’s largest crypto exchange, Upbit, has resumed deposits and withdrawals of Aptos (APT) tokens after abruptly halting the service due to a security incident.
Upbit said in a statement on Saturday it had detected an “abnormal deposit attempt” while monitoring Aptos transactions, according to a rough translation from Google.
Following an inspection of its wallet system, the exchange confirmed stability for Aptos deposits and withdrawals has been restored and actions have been taken against the abnormal activity.
The incident gained public attention when various Upbit users reported unauthorized deposits of what appeared to be Aptos tokens (APT) in their accounts, according to X user Definalist. Blockworks has reached out to Upbit to confirm.
It was later discovered that these were not genuine Aptos tokens but “scam” tokens named ClaimAPTGift. Upbit customer service reportedly contacted users who had sold these fraudulent tokens, asking for refunds.
The problem, Definalist said, lay in Upbit’s wallet system failing to verify the types of tokens being deposited properly.
Normally, the system should differentiate between native Aptos tokens and other tokens within the same ecosystem. But due to a glitch, all tokens sent via a specific function were recognized as Aptos tokens, leading to the issue.
On a decentralized exchange, users can check the token address on-chain using a block explorer, such as Etherscan on Ethereum, to confirm whether a given token is authentic. A centralized platform, however, requires customers to trust the exchange’s internal naming system.
Crisis averted
A lucky break mitigated the severity of the incident. The scam tokens had six decimal places, while native Aptos tokens have eight.
If both had eight decimals, users could have received and potentially sold $25,000 instead of $250, risking a severe market disruption, Definalist said.
Upbit’s official notice also cautioned users to pay “special attention to the price differences with other exchanges” as trading resumes, acknowledging that the price may fluctuate drastically due to the incident.
The price of APT surged around 9% following the incident, and remains up 6% as of Monday at 3:30 am ET $5.45, Blockworks’ data shows.
Upbit said any delays in reflecting deposits and withdrawals would depend on block processing status and that transactions would proceed sequentially as blocks are completed.
Get the news in your inbox. Explore Blockworks newsletters:
- The Breakdown: Decoding crypto and the markets. Daily.
- Empire: Crypto news and analysis to start your day.
- Forward Guidance: The intersection of crypto, macro and policy.
- 0xResearch: Alpha directly in your inbox.
- Lightspeed: All things Solana.
- The Drop: Apps, games, memes and more.
- Supply Shock: Bitcoin, bitcoin, bitcoin.
