- The Wemix Foundation suffered a $6.2 million cyberattack on February 28 but only informed investors on March 4.
- The attacker succeeded in stealing 8.65 million WEMIX tokens.
- The CEO of the Wemix Foundation does not believe the Lazarus group was responsible for the breach.
Kim Seok-hwan, CEO of the Wemix Foundation, stated there was “no attempt” to conceal the $6.2 million hack after the organization announced the breach four days later.
At a press conference on Monday, Kim denied any intention to hide the incident. On February 28, more than 8.65 million WEMIX tokens were withdrawn following a malicious attack on the platform’s Play Bridge Vault.
However, the South Korean platform only alerted investors through an announcement posted on its homepage on March 4.
Explaining the delay, Kim said:
“The announcement was delayed because of concerns about the possibility of additional attacks and the risk of market panic following the theft of assets.”
Kim added that most of the stolen assets had already been sold and the market impact had already occurred, noting there was no guarantee against further risk.
Sophisticated attack
During the press conference, Kim accepted full responsibility for the timing of the disclosure. He outlined that an unidentified attacker had stolen an authentication key for the monitoring service of the platform’s Nile NFT token service.
According to Kim, the attacker planned the operation over two months, generating abnormal transactions and attempting 15 withdrawals. Two attempts failed, but 13 succeeded, resulting in the theft of 8.65 million WEMIX tokens.
After discovering the exploit, the foundation shut down the affected server and launched a detailed forensic analysis. A complaint was also filed with the Cyber Investigation Unit of the Seoul Metropolitan Police.
Kim said he believes the hack was likely not carried out by Lazarus, the North Korea–linked hacking group.
Recent security incidents in crypto
In recent weeks, multiple crypto platforms have experienced security breaches that resulted in the theft of various digital assets. Last month, Bybit was reportedly compromised when $1.4 billion in Ethereum was drained from a single wallet. Subsequent reporting suggested the Lazarus group may have been involved in that theft.
A few days later, Infini suffered a $50 million hack after an attacker retained admin rights while working on Infini’s development contract, allowing access to funds.
Responding to the Wemix incident, Kim announced on March 13 that the foundation would repurchase 10 billion Korean won (about $7 million) worth of WEMIX tokens. The following day, the foundation said it would purchase an additional 20 million tokens.
At the press conference, Kim added that the foundation is implementing strengthened security measures across its blockchain infrastructure and aims to fully restore services by Friday, March 21.