- Binance froze only a small share of hacked Upbit funds after long delays.
- South Korean police questioned Binance’s slow response and limited freeze action.
- Experts say exchanges must act quickly during hacks to reduce user losses.
South Korean police asked Binance to freeze crypto stolen from Upbit during a recent hack, but the exchange held only a small share of the assets, according to KBS. Authorities requested a freeze on about 470 million won (around $370,000) in Solana. Binance froze about 80 million won, or 17%, after saying it needed more time to verify the request.
When pressed about the limited action and the delay, Binance told KBS: “Our position remains unchanged: we will continue to cooperate with the relevant authorities and partners in accordance with appropriate procedures.”
Investigators later found that the hackers converted most of the stolen Solana into Ethereum, likely choosing it because of its large liquidity. The total loss was estimated at about 54 billion won, or $37 million. Upbit said all affected users will be fully compensated.
Related: Hacked Binance WeChat Triggers 200% Mubarakah Surge, CZ Issues Warning
Experts Question Slow Response
Cho Jae-woo, director of Hansung University’s Blockchain Research Institute, said quick action is essential in hack incidents. He criticised exchanges for hesitating due to legal fears.
“To prevent damage from hacking, a swift initial freeze is essential, but exchanges often cite litigation risks as an excuse for being hesitant,” he said.
Cho also suggested creating a global emergency hotline between exchanges so funds can be frozen before they disappear.
Hackers Moved Funds Across 1,000+ Wallets
Security analysts say the attackers used a complicated laundering process that split the stolen Solana into many small transfers. The funds moved through more than a thousand wallets, then across chains through bridges and swaps. Much of the laundering eventually led back to third-party wallets on Binance.
Some analysts believe the tactics resemble past incidents linked to North Korea’s Lazarus Group.
Railgun System Failed to Flag Hacker Activity
An independent expert said the hacker ran the stolen funds through Railgun and even passed its “proof of innocence” screening. The system is meant to detect whether a wallet belongs to a legitimate user, but it still marked the hacker’s transactions as valid.
The expert said the system might have been misled because the funds came from another chain, the hacker moved assets through many fresh wallets, and the transfers were done manually in small steps.
Related: Botim Money Partners with Binance to Integrate Crypto in UAE-based Super App
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
