Security company: UpBit exchange may be attacked by spear phishing emails, watering holes, etc.

On November 27, in response to the ETH theft incident, the Chengdu Chain Security team conducted the following analysis and judgment: The theft of the UpBit exchange may be that the server storing the private key of the hot wallet is attacked and the private key is stolen, or the transaction The signature server was attacked, and the server that controlled the transfer of the hot wallet API was hacked. From the transaction of the transfer (hash is 0xa09871A ****** 43c029), the hacker or gang transferred all the money in the account at that time without doing extra operations, and some users recharged about 4700 in the future. Eth entered the UpBit exchange, and now the exchange has transferred the asset to the address controlled by the exchange 0x267F7 ******* 0a8E319c72CEff5. From the current known situation, UpBit exchange may be attacked by spear phishing emails, watering holes and other attack methods, and obtaining the PC rights of employees and even executives of the exchange.