Are Korean crypto exchanges safe from NK hacking threats?

Following a massive hack Friday that targeted Bybit, one of the world's largest virtual asset exchanges, calls are growing for domestic cryptocurrency exchanges to strengthen their security against potential hacking attempts, industry experts said Sunday.


$1.46 bil. Bybit hack sparks calls for stricter, proactive security protocols

By Lee Yeon-woo

The crypto industry was stunned when Bybit lost $1.46 billion in Ethereum due to the latest hack, marking the largest crypto hack in history — double the size of the second-largest breach. The attack is believed to have been carried out by the North Korean hacking group Lazarus, which helps to provide funds for the economically strained country and its military ambitions through cyberattacks and ransomware.



In 2024, the group stole $1.34 billion across 47 incidents, accounting for 61 percent of the year's total, according to Chainalysis. In the wake of this unprecedented attack, the cryptocurrency market has taken a hit, leaving South Korean investors on edge.

Many are now questioning: How secure are South Korean cryptocurrency exchanges? Their concerns are valid. In the early days of the industry, South Korean exchanges also fell victim to cyberattacks. In 2019, Upbit, the country’s largest virtual asset exchange, lost 58 billion won ($40.3 million) in digital assets to a North Korean hacking operation. Bithumb, the second-largest exchange, suffered digital asset thefts estimated between 80 billion won and 100 billion won from 2017 to 2020. In 2017, domestic exchange Youbit went bankrupt after losing approximately 17 billion won worth of cryptocurrency in a hack.

"State-sponsored North Korean hackers initially targeted South Korean crypto exchanges because they often maintained escrow accounts holding Bitcoins in hot wallets," Markus Thielen, founder of 10x Research, said in a note to clients. A hot wallet is a type of cryptocurrency wallet — similar to a bank account — that is connected to the internet. While it allows for convenient transactions, it is also more vulnerable to hacking compared to cold wallets, which are kept offline.

However, as South Korean virtual asset exchanges have strengthened their security measures and financial authorities work to institutionalize the industry, cyberattacks have become increasingly difficult. South Korea now enforces one of the world's most rigorous travel rule implementations, alongside stricter regulations and enhanced oversight.

"South Korean virtual asset exchanges face stringent regulations, particularly in terms of anti-money laundering (AML) and know-your-customer compliance," Chung Ji-yeal, a professor at Hanyang University and an AML expert, said. "Compared to global exchanges, these extensive regulations lead to significantly higher compliance costs."

Upbit's headquarters in Seoul / Newsis

Domestic exchanges also claim to have improved their security incident response, disaster recovery, and personal data protection capabilities by obtaining international security certifications. Upbit and Bithumb recently announced plans to apply the travel rule to virtual asset transactions even below 1 million won. For fund transfers, virtual asset service providers are required to share sender and receiver information.

"Upbit has significantly enhanced its systems and security policies, with no theft incidents occurring since 2019. We safeguard assets through a robust security framework designed by top industry experts and continuous 24/7 monitoring," an Upbit spokesperson said.

However, this does not mean domestic virtual asset exchanges are no longer targets. According to the Financial Intelligence Unit, Upbit experienced over 160,000 hacking attempts in the first half of 2023 — an average of 879 attempts per day.

"Hacking attempts exploit vulnerabilities. No matter how much security systems are reinforced, North Korea is not a group that gives up easily. Their attacks will continue," a Web3 security expert said on the condition of anonymity. "Traditional security measures alone are often insufficient, as these threats can evade detection despite rigorous monitoring."

For instance, in the Bybit incident, the breach stemmed from weaknesses in human resources and operational processes rather than a flaw in the system itself. It was a sophisticated case of social engineering.

"The attackers introduced a malicious implementation contract that intercepted the transaction process. Having compromised the computers used by Bybit employees, the attackers were able to manipulate the signing interface presented to the wallet signers. The interface displayed legitimate transaction details, including the correct destination address and URL, deceiving the signers into believing they were authorizing a routine transfer," Blockaid Asia-Pacific Vice President Joshua Foo explained.

As the virtual asset industry continues to evolve, market insiders believe the Bybit case highlights the need for stringent security protocols and proactive regulatory compliance.

"In the past, security responses focused on post-incident analysis and recovering stolen funds," the Web3 security expert said. "However, the current trend prioritizes proactive detection and real-time response to prevent hacks before they happen. While this approach is gaining global adoption, South Korea has yet to fully embrace this concept of Web3 security measures."