GDAC Exchange Hack - April 9, 2023
Overview
South Korean crypto exchange GDAC was hacked for approximately $13.9 million worth of crypto. The attacker gained control of some of the exchange's hot wallets on the morning of April 9 and began moving crypto into wallets under the attacker's control at 7 am Korean Standard Time.
Assets Stolen
• ~61 Bitcoin (BTC)
• ~350.5 Ether (ETH)
• ~10 million WEMIX gaming tokens
• ~$220,000 worth of Tether (USDT)
The total stolen represented approximately 23% of GDAC's total custodial assets at the time.
MetaSleuth Investigation
MetaSleuth, a blockchain analysis tool, tracked the stolen funds:
• The hacker swapped all 220k USDT for Ether
• The hacker laundered all 461 Ether through Tornado Cash
The analysis also bears on the attack method: a blockchain sleuth ruled out a leak of GDAC's private keys as the origin of the hack, noting that an attacker holding the private key could have withdrawn all funds to his own address, which did not occur. This suggests a more constrained operational compromise rather than full key theft.
Technical Root Cause
The exchange categorized the incident as a hot-wallet hack. Public technical detail is limited; investigators (MetaSleuth and others) ruled out a clean private-key compromise based on the bounded scope of the attacker's withdrawals.
Response
• GDAC suspended all withdrawals and deposits immediately after detection
• The exchange alerted Korean police
• The exchange reported the hack to the Korea Internet & Security Agency (KISA)
• The exchange notified the Financial Intelligence Unit (FIU) of the loss
• GDAC worked with various exchanges to attempt to freeze stolen funds
Sources