Upbit Hack Stemmed From High-Level Mathematical Exploit, Says Local Expert

A South Korean expert, Professor Jaewoo Cho of Hansung University, posited that the recent Upbit security breach was caused by a sophisticated mathematical exploit rather than a conventional wallet compromise. The attack allegedly leveraged subtle, predictable patterns (nonce bias) in the millions of Solana transaction signatures generated by Upbit's internal signing system, allowing attackers to infer private keys. This method aligns with recent research showing that affinely related ECDSA nonces create significant cryptographic risk, especially when attackers can gather large datasets from exchanges. Upbit's CEO had previously acknowledged a flaw allowing private key inference from transaction data. In response, Upbit secured remaining assets in cold wallets and halted withdrawals, promising to cover losses. The incident highlights the danger of mathematical weaknesses in even highly engineered systems and raises concerns about the security overhaul required if private keys were indeed exposed, potentially affecting systems like HSMs and MPC.

(Source：BeInCrypto)