Everything you need to know about the 342,000 ETH Upbit hack

Death, taxes and exchange hacks. Earlier today, the South Korean cryptocurrency exchange Upbit revealed that 342,000 ETH (approximately $50 million at the time of withdrawal) were drained from its hot wallet.

In their official announcement, the Upbit team addressed the rogue transaction and apologised to their users for suspending deposits and withdrawals:

“We took immediate actions to protect your assets, and no investors’ assets were lost. Actions include:

• Suspensions of all crypto-asset deposits and withdrawals
• Transfer of all crypto-assets to cold wallets. (Please note that all large-scale asset transfers following the ETH transfer was part of this process.)”

Upbit also pledged to replace the stolen coins with the company’s own assets, and said it will take “approximately 2 weeks” for deposit and withdrawal services to resume.

Unsurprisingly, the hacker address has yet to move any of its stolen funds, which will likely prove difficult in the coming days:

If you want to keep track of the stolen Upbit funds, Sanbase lets you create monitoring signals for any ETH address.

Here’s a quick signal I made to track the Upbit Hacker’s address, which will send you a notification as soon as the funds start moving. Note: to subscribe to Sanbase signals, you need a (free) Sanbase account.

The news of the hack quickly spread around the cryptoverse, flooding our list of top 10 emerging words on crypto social media:

A quick glance at our social word cloud for ‘Upbit’ tells you all you need to know about the crowd's main talking points:

As for the market’s reaction, BTC took a quick dive below $7000 following the news, only to punish the weak hands by bouncing back above $7500 over the next 7 hours:

To put the hack in wider context, today’s 342,000 ETH withdrawal from Upbit is the single biggest ETH transfer in the past week:

And the 9th biggest ETH transfer in the past 3 months:

With that in mind, our ETH withdrawal & deposit charts for Upbit look as you might expect them to today:

Zooming out a bit, it’s worth noting that Upbit continues to experience a steady decline in both deposit and withdrawal addresses for Ethereum since the July 2019 top:

Compare this to other major exchange like Bitfinex and Binance, whose ETH-related transfers have remained relatively stable throughout the past 12 months:

However, the most fascinating part of the Upbit hack by far has been browsing through the Hacker Address’ recent Etherescan history. Let me tell you - it is a wiiild ride.

While most of the crypto community is still processing the news, a few enterprising individuals are wasting no time trying to make the most out of a bad situation.

Following the 342k ETH transfer, there has been an additional 50 micro ETH transfers to the Hacker Address, as recorded by Etherscan:

A few other people on Twitter noticed this as well, with early guesses ranging from a coordinating dusting attack by Upbit to virtual hat tips to the hacker:

For some of these micro transfers, however, reading the input data gives a pretty clear answer to why these addresses decided to engage with arguably the most high-profile ETH wallet at this time - to ask for some ETH, of course.

One person has decided to ask the hacker for a donation towards building an ‘economy of abundance on the blockchain’, whatever that means:

Others resorted to praise in hopes of attracting the Hacker’s attention:

Or really just outright asking for a handout:

And while you have to respect the effort, the top marks for resourcefullness go to the geniuses that quickly sent their favorite shitcoins to the Hacker Address, essentially turning his Etherescan history into a dozen mini billboards:

Only in crypto.