The Upbit hack is the result of a high-level mathematical exploit, says a local expert



A South Korean expert has suggested that the recent Upbit hack may have resulted from a high-level mathematical exploit that targets flaws in the exchange’s signature or random number generation system.

Rather than being a traditional wallet hack, the attack appears to have exploited subtle bias patterns in the nonces embedded in millions of Solana transactions, an approach that requires advanced cryptographic expertise and significant computing resources.

Technical analysis of the exploit

Kyungsuk Oh, CEO of Upbit operator Dunamu, issued a public apology on Friday regarding the Upbit incident. He acknowledged that the company discovered a security flaw that allowed an attacker to extract private keys by analyzing a large number of Upbit wallet transactions exposed on the blockchain. But his statement raised immediate questions about how private keys could be stolen via transaction data.

The next day, Professor Jae Wu Zhou of Hanseng University presented insights into the breach, linking it to biased or predictable nonces in Upbit’s internal signing system. Instead of the common ECDSA nonce-reuse flaw, this approach exploits subtle statistical patterns in the platform’s cryptography. Zhou explained that attackers can examine millions of exposed signatures, infer bias patterns, and ultimately recover private keys.

This view is consistent with recent studies showing that affinely related ECDSA nonces pose a significant risk. A 2025 study on arXiv showed that only two signatures with such related nonces can reveal the private key. As a result, extracting the private key becomes much easier for attackers who can collect large data sets from wallets.

The high level of technical sophistication indicates that an organized group with advanced cryptographic skills carried out this exploit. According to Zhou, identifying a subtle bias among millions of signatures requires not only mathematical expertise but also extensive computational resources.

In response to the incident, Upbit moved all remaining assets to secure cold wallets and suspended digital asset deposits and withdrawals. The exchange has also undertaken to cover any losses from its reserves, to ensure immediate damage control.

The extent of the impact and the security implications

Evidence from a Korean researcher suggests that the hackers had access not only to the exchange’s hot wallet, but also to individual deposit wallets. This could indicate that the withdrawal-authority keys or even the private keys themselves have been compromised, indicating a serious security breach.

Another researcher points out, however, that if the private keys were exposed, Upbit may be forced to completely restructure its security systems, including its hardware security modules (HSM), multi-party computation (MPC), and wallet structures. This scenario raises questions about internal controls, indicating potential insider involvement and putting Upbit’s reputation at risk. The scale of the attack highlights the need for robust security protocols and tight access controls at major exchanges.

The incident shows that even highly engineered systems can conceal mathematical weaknesses. Nonce generation should ensure effective randomness and unpredictability. The observed bias creates vulnerabilities that attackers can exploit. The ability of organized attackers to identify and exploit these flaws is increasing.

Research on ECDSA safeguards confirms that flawed randomness in nonce creation can leak key information. The Upbit case illustrates how theoretical vulnerabilities can translate into significant losses in the real world when attackers have the experience and motivation to exploit them.
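A signer's nonce source can be checked for the failure modes described above (reuse, affinely related nonces, statistical bias) before it handles real keys. The following is an added example, not code from Upbit or the researchers cited; it assumes the signer can log its nonces in a test harness, and the function names, the secp256k1 modulus and the sample streams are constructed for illustration.

```python
import secrets
from collections import Counter

# secp256k1 group order, assumed here as the modulus the nonces are reduced by.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
CHI2_LIMIT = 450  # chi-square with 255 degrees of freedom: mean 255, sd ~22.6

def chi_square_bytes(values):
    """Chi-square statistic of byte values against a uniform distribution."""
    counts, expected = Counter(values), len(values) / 256
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

def audit_nonces(nonces, n=N):
    """Return findings for nonces logged by a signer in a test harness."""
    findings = []
    if len(set(nonces)) != len(nonces):
        findings.append("reuse")
    # Affine relation k[i+1] = a*k[i] + b (mod n): fit a and b on the first
    # three nonces, then check that the same pair predicts every later one.
    if len(nonces) >= 4 and (nonces[1] - nonces[0]) % n:
        k0, k1, k2 = nonces[:3]
        a = (k2 - k1) * pow(k1 - k0, -1, n) % n
        b = (k1 - a * k0) % n
        if all((a * x + b) % n == y for x, y in zip(nonces, nonces[1:])):
            findings.append("affine")
    # Bias: the top and bottom byte of uniform nonces fill 256 buckets evenly.
    if len(nonces) >= 1024:
        shift = n.bit_length() - 8
        if chi_square_bytes([k >> shift for k in nonces]) > CHI2_LIMIT:
            findings.append("bias-msb")
        if chi_square_bytes([k & 0xFF for k in nonces]) > CHI2_LIMIT:
            findings.append("bias-lsb")
    return findings

def constructed_samples(count=4096):
    """Three constructed nonce streams: sound, short (248-bit), LCG-chained."""
    sound = [secrets.randbelow(N - 1) + 1 for _ in range(count)]
    short = [secrets.randbits(248) for _ in range(count)]
    a, b = secrets.randbelow(N - 2) + 2, secrets.randbelow(N - 1) + 1
    chained = [secrets.randbelow(N - 1) + 1]
    for _ in range(count - 1):
        chained.append((a * chained[-1] + b) % N)
    return {"sound": sound, "short": short, "chained": chained}

if __name__ == "__main__":
    for name, stream in constructed_samples().items():
        print(name, audit_nonces(stream))
```

The chained stream passes a byte-frequency test yet is fully predictable, which is why the affine check runs separately from the bias check.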

Timing and impact on the industry

The timing of the attack sparked community speculation. It happened exactly six years after a similar Upbit hack in 2019, which was attributed to North Korean hackers. In addition, the hack coincided with the announcement of a major merger involving Naver Financial and Dunamu, the parent company of Upbit.

There are many conspiracy theories on the Internet regarding coordination or inside knowledge, while others suggest that the attack could have other explanations, such as insider embezzlement. Although clear technical evidence of a sophisticated mathematical exploit indicates a very advanced attack by cybercriminals, critics say the pattern also reflects long-standing concerns about Korean exchanges:

“Everyone knows that these exchanges are ruining retail traders, listing suspicious tokens and letting them die without liquidity,” wrote one user. Others commented, “A recent offshore altcoin exchange pulled the same trick and disappeared,” while another directly accused the company: “Is this just internal embezzlement and filling the space with company funds?”

The Upbit case of 2019 showed that entities allied with North Korea had previously targeted major exchanges to evade sanctions via cyber theft. Although it is not clear whether the current incident involves state-backed actors, the advanced nature of the attack remains a cause for concern.


