Upbit Hack Stemmed From High-Level Mathematical Exploit, Says Local Expert

The post Upbit Hack Stemmed From High-Level Mathematical Exploit, Says Local Expert appeared on BitcoinEthereumNews.com.

A South Korean expert has suggested that the recent Upbit breach may have originated from a high-level mathematical exploit targeting flaws in the exchange’s signature or random-number generation system. Rather than a conventional wallet compromise, the attack appears to have leveraged subtle nonce-bias patterns embedded in millions of Solana transactions—an approach requiring advanced cryptographic expertise and significant computational resources. Sponsored Sponsored Technical Analysis of the Breach On Friday, Upbit operator Dunamu’s CEO Kyoungsuk Oh issued a public apology regarding the Upbit incident, acknowledging that the company had discovered a security flaw that allowed an attacker to infer private keys by analyzing a large number of Upbit wallet transactions exposed on the blockchain. His statement, however, raised immediate questions about how private keys could be stolen through transaction data. The next day, Professor Jaewoo Cho of Hansung University provided insight into the breach, linking it to biased or predictable nonces within Upbit’s internal signing system. Rather than typical ECDSA nonce-reuse flaws, this method exploited subtle statistical patterns in the platform’s cryptography. Cho explained that attackers could examine millions of leaked signatures, infer bias patterns, and ultimately recover private keys. This perspective aligns with recent studies showing that affinely related ECDSA nonces create a significant risk. A 2025 study on arXiv demonstrated that just two signatures with such related nonces can expose private keys. As a result, private key extraction becomes far easier for attackers who can gather large datasets from exchanges. The level of technical sophistication suggests an organized group with advanced cryptographic skills conducted this exploit. According to Cho, identifying minimal bias across millions of signatures requires not only mathematical expertise but also extensive computational resources. In response to the incident, Upbit moved all remaining assets to secure cold wallets and halted digital asset deposits and withdrawals. The exchange has…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ November 29, 2025 6:27 am