Cyber Incident Victim: Yapizon

The Yapizon cryptocurrency exchange, based in South Korea, experienced a significant security breach on April 22, 2017, resulting in the theft of 3,816.2028 Bitcoin valued at approximately $5 million. Attackers compromised four of the exchange's operational hot wallets—digital storage systems connected to the internet for facilitating transactions. This theft represented 37% of all user funds held by the exchange. Yapizon publicly disclosed the incident through an official Korean-language statement, confirming the breach date and scale while denying any insider involvement in the attack. The company notified Seoul's Cyber Investigation Division and Seoul Metropolitan Police Agency, initiating formal investigations into the intrusion method and perpetrator identity, though no attribution details were released.

In response to the financial impact, Yapizon implemented a controversial compensation strategy by reducing all user account balances by 37% to proportionally distribute losses across its customer base. The exchange simultaneously announced plans to issue "Fei" tokens—a proprietary service product traded since 2014—to priority members as partial compensation, mirroring Bitfinex's 2016 response to a comparable $70 million breach through BFX tokens. This approach drew scrutiny due to concerns about Yapizon's financial stability relative to Bitfinex. The breach occurred amid South Korea's absence of formal cryptocurrency regulations, despite 2016 commitments by the Financial Services Commission to implement protective measures. Following the incident, Yapizon suspended its online operations indefinitely while maintaining its statement's availability in Korean. Market observers noted the timing coincided with Bitcoin price surges, predicting increased targeting of cryptocurrency platforms globally.