
Cyber Incident Victim: GDAC

Date: Apr 2023

Location: South Korea

Summary

A South Korean cryptocurrency exchange, GDAC, suffered a hack that resulted in the loss of nearly $13 million, representing approximately 23% of its total assets. The stolen funds, which included Bitcoin, Ethereum, WEMIX, and USDT, were drained from its hot wallet to an unidentified external address. The exchange suspended all deposit and withdrawal services and notified relevant authorities and other exchanges to help block and track the stolen assets.


Description

On or around April 8, 2023, the South Korean cryptocurrency exchange GDAC suffered a security breach. The incident involved hackers successfully draining a significant amount of cryptocurrency assets from the exchange's hot wallet. The attack was publicly acknowledged by the exchange the following day, April 9. The stolen funds were transferred from GDAC's control to a wallet that was not immediately identified by the exchange or the reporting sources.

The total value of the assets stolen was reported to be nearly $13 million. This sum represented a substantial portion of the exchange's holdings, accounting for approximately 23% of its total crypto assets. The specific cryptocurrencies taken in the attack were itemized as 61 Bitcoin (BTC), 350.5 Ethereum (ETH), 10 million Wemix tokens (WEMIX), and 220,000 Tether (USDT). The theft of these specific assets indicates the attackers targeted multiple cryptocurrencies held by the exchange within its hot wallet system.

Following the discovery of the breach, GDAC took immediate action to contain the incident and prevent further loss. The exchange made the decision to suspend all deposit and withdrawal services on its platform. This suspension was a direct response to the hack and was implemented to allow the exchange to conduct a thorough investigation into the security failure. The timeline for the resumption of these services was not immediately determined and remained pending at the time of the reporting.

As part of its response, GDAC notified relevant South Korean authorities about the criminal hack. The exchange also engaged in efforts to track and potentially recover the stolen funds. Their investigation revealed that some of the stolen assets had been forwarded to other, foreign cryptocurrency exchanges. In response to this finding, GDAC reached out to those specific exchanges. The purpose of this outreach was to request their assistance in blocking transactions originating from the suspicious addresses linked to the theft, thereby preventing the laundering or cashing out of the stolen cryptocurrencies. The exchange also engaged with foreign authorities as part of this effort to lock down the movement of the illicit funds.

The incident at GDAC occurred within a broader context of increasing security breaches targeting cryptocurrency platforms. While not directly related to the GDAC event, other significant hacks were noted around the same period, illustrating a trend of vulnerabilities within the digital asset ecosystem. These included a major exploit of the Ronin Bridge associated with Axie Infinity the previous year, which resulted in losses of $625 million. More contemporaneously, the decentralized exchange SushiSwap was exploited due to a smart contract bug, leading to a loss of over $3 million. Another protocol, Sentiment, suffered a hack resulting in a loss of over $500,000 from a re-entrancy attack. Furthermore, the lending protocol Euler Finance was exploited in March, with hackers draining nearly $200 million, though a subsequent negotiation led to the recovery of a portion of those funds. The GDAC hack was another significant incident in this series of security failures, highlighting the persistent threats faced by digital asset service providers. The direct impact on GDAC was a substantial financial loss and a necessary, prolonged suspension of its core transactional services while remediation and investigative work were undertaken.
