In the early hours of Sunday, South Korean crypto exchange GDAC hit a cyber attack resulting in losses of 23% of the exchange’s total custodial assets. The hacker transferred multiple crypto assets from the exchange’s hot wallet to an unknown wallet address, the firm revealed on April 10 on its website. 

Following identifying the breach, GDAC immediately paused withdrawals and deposits while disabling its wallet’s servers. And the exchange is now collaborating with South Korean Police and security authorities to help the firm regain stolen funds.

Stolen digital assets include a collection of 60.8 Bitcoin, 350.5 Ethereum, 220,000 USDT, and 10 million WEMIX tokens, the native token of the GDAC exchange. According to the current market prices, the stolen crypto funds are worth above $14.2 million.

A hot wallet refers to the storage of crypto assets linked to the internet so crypto exchange users can trade or withdraw available funds at any time. Similarly, hot wallets come up with more security risks than cold wallets keep funds offline and secure. A security breach into the exchange’s hot wallet often results in depositors and the victim exchange suffering heavy financial losses.

The exchange reported the hack to Korea Financial Intelligent Unit (FIU) and Korea Internet Security and Agency (KISA) and seeks a cyber investigation by authorities to resolve the issue. Additionally, GDAC expects digital asset issuers, exchanges, and DeFi managers to cooperate and confiscate the suspicious fund transfers linked to the hack, said the exchange’s CEO, Seunghwan Han, in a blog post.

Hacker Sent 461 Ethereum To Tornado Cash

Contrary to the GDAC’s ongoing efforts to recover funds, a blockchain security firm revealed that the hacker has already swapped stolen USDT for Ethereum. According to the report of crypto market intelligence firm Arkham, the bad actor has moved 461 Ethereum to a tornado cash mixer, a privacy tool banned by US authorities.   

In the GDAC’s exploit, depositors of the exchange have faced extensive losses as $10 million WEMIX tokens are among the stolen crypto asset hacker transferred.

On the other hand, WEMIX Foundation keeps itself neutral from the attack and adds:

The quantity and the condition of Foundation-managed WEMIX, as well as the security and safety of the platforms, DApp services, and smart contracts are not affected by this incident.

Crypto Crimes On The Rise

According to data from Chainplay, crypto thefts in 2022 reached $12 billion via 436 exploits. It represents a sharp increase in crypto thefts compared to the $30 billion stolen over the last 10 years. 

On Sunday, a decentralized finance protocol Sushi also suffered a hack. The exploiter transferred $3.3 million of the firm’s assets due to a bug in its approval contract. Interestingly, the blockchain security firm, BlockSec recovered 100 ETH from the hacker.

Featured image from Pixabay and chart from TradingView.com