Cyber Incident Victim: Yapizon
Date:
Dec 2017
Location:
South Korea
Summary
A South Korean cryptocurrency exchange formerly known as Yapizon suffered two cyberattacks within eight months, leading to its shutdown and bankruptcy filing. The second breach resulted in a 17% loss of the exchange's assets, following an earlier theft of 4,000 bitcoins attributed to North Korean cyber operatives. Customers received approximately 75% of their holdings due to partial asset protection through offline storage measures. The incident occurred amid heightened targeting of cryptocurrency platforms by threat actors seeking to exploit digital currency valuations. South Korean authorities investigated both breaches but did not publicly attribute the second attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Youbit, a South Korean cryptocurrency exchange previously known as Yapizon, ceased operations and filed for bankruptcy in December 2017 following its second major security breach within eight months. The December cyberattack resulted in a 17% loss of the exchange's total assets, though the exact monetary value was not disclosed publicly. This incident occurred after an April 2017 hack where attackers stole 4,000 bitcoins, valued at approximately $73 million at the time of reporting. The exchange implemented partial asset recovery measures by storing a significant portion of digital currency in offline "cold wallet" storage, preventing total depletion of reserves. Customers were notified they would receive about 75% of their deposited cryptocurrency value following the bankruptcy filing. South Korea's Internet and Security Agency (Kisa) initiated investigations into both breaches, having previously attributed the April attack to North Korean state-sponsored cyber operatives. No attribution was provided for the December attack at the time of reporting.
The exchange's closure highlighted systemic vulnerabilities in cryptocurrency platforms, particularly among smaller operators like Youbit that held minor market share compared to dominant exchanges such as Bithumb. Kisa's investigation focused on how attackers compromised core systems during both incidents, with parallel probes underway regarding separate attacks on Bithumb and Coinis exchanges also suspected to involve North Korean actors. Youbit's management publicly apologized for the shutdown but did not disclose technical details about either breach's methodology or the specific security controls that failed. The bankruptcy proceedings formalized the asset distribution plan while cybersecurity authorities continued forensic analysis of the attacks. These incidents occurred amid escalating targeting of cryptocurrency exchanges globally, with threat actors employing both sophisticated intrusion techniques and malware designed to hijack computational resources for cryptocurrency mining.