CarderPlanet
Professional
- Messages
- 2,549
- Reaction score
- 730
- Points
- 113
Yesterday, on September 24, the South Korean exchange UpBit suspended the deposit and withdrawal of Aptos tokens (APT), due to the appearance of fake APTs worth $3.4 billion on the exchange. The incident affected about 100,000 users.
On Sunday, UpBit employees discovered that a fraudulent deposit was made on the platform, while the attackers managed to issue a fake token for the verified crypto asset Aptos. The UpBit system mistakenly identified a fake crypto asset, which allowed the bot to deposit a large number of fake coins into user accounts.
The security breach affected about 100,000 addresses where APT tokens were located. Upon discovering the problem, UpBit specialists immediately took measures to protect users by suspending APT input and output for maintenance of the Aptos wallet system.
Several South Korean crypto traders who maintain an X (Twitter) account called Definalist have revealed details of what happened. Definalist found out that the fake APTs were not associated with the Aptos Network, but turned out to be tokens called "ClaimAPTGift".
The problem occurred because the UpBit system did not properly check the type of tokens being transferred, mistaking these different crypto assets for the same APT token. The system had to check their compliance with certain conditions.
However, serious problems were avoided due to the fact that the fake token has six decimal places, while Aptos tokens have eight decimal places. If the fake token also used the 8-digit system, thousands of users could fill the market with APT crypto assets at an inflated cost, and this would cause huge damage to the exchange.
On Sunday, UpBit employees discovered that a fraudulent deposit was made on the platform, while the attackers managed to issue a fake token for the verified crypto asset Aptos. The UpBit system mistakenly identified a fake crypto asset, which allowed the bot to deposit a large number of fake coins into user accounts.
The security breach affected about 100,000 addresses where APT tokens were located. Upon discovering the problem, UpBit specialists immediately took measures to protect users by suspending APT input and output for maintenance of the Aptos wallet system.
Several South Korean crypto traders who maintain an X (Twitter) account called Definalist have revealed details of what happened. Definalist found out that the fake APTs were not associated with the Aptos Network, but turned out to be tokens called "ClaimAPTGift".
The problem occurred because the UpBit system did not properly check the type of tokens being transferred, mistaking these different crypto assets for the same APT token. The system had to check their compliance with certain conditions.
However, serious problems were avoided due to the fact that the fake token has six decimal places, while Aptos tokens have eight decimal places. If the fake token also used the 8-digit system, thousands of users could fill the market with APT crypto assets at an inflated cost, and this would cause huge damage to the exchange.
