Wemix Foundation Denies Attempting to Conceal a Security Breach That Resulted in Over $600,000 in Losses

Wemix Foundation has denied allegations of attempting to conceal a security breach that resulted in over $6.2 million in losses.

Wemix Foundation has denied allegations of attempting to conceal a security breach that resulted in over $6.2 million in losses. The blockchain firm, a subsidiary of South Korean gaming company Wemade, has been accused of delaying the public announcement of the attack, which was recognized on February 28 but not disclosed until March 4.

However, at an emergency meeting held on Monday, as cited by Korea’s Yonhap News Agency, Wemix Foundation CEO Kim Seok-hwan said that the delay was not an attempt to hide the breach but the company’s “precautionary measure” to prevent any potential further attacks and panic in the market.

“There was no intention to conceal,” Kim told reporters. “The announcement was delayed due to fears of vulnerabilities being exploited and the impact it could have on investor sentiment.”

The CEO apologized multiple times throughout the meeting, bowing his head before and after reading his statement.

Attack on PlayBridge Bolt causes losses worth millions

According to Wemix’s official blog post, the attack targeted the platform’s PlayBridge Bolt, a system for transmitting assets across blockchain networks.

The foundation reported that hackers exploited a certification key used in the Nile platform, an NFT-based alternative token service. After successfully breaching the network, the attackers took two months to start generating unusual transactions and withdrew approximately 86.5 million Wemix coins.

Wemix also revealed that the hacker made 15 withdrawal attempts, of which two were unsuccessful. However, the other 13 transactions all went through, and the stolen funds were finally laundered through overseas exchanges.

Investigators believe the breach may have originated in mid-2023 when a Wemix operator uploaded sensitive materials to a public repository for ease of development. While the theory remains largely confirmed, the company suspects this may have been the initial point of compromise.

Responding to the hacking event

In response to the hacking incident, Kim said the foundation “immediately shut down the server in question,” and began analyzing how it exactly happened. The executive stated that a complaint had been filed with the Cyber Investigation Team of the Seoul National Police Agency against the unidentified hacker.

At the time, the Digital Assets Exchange Co-Consultation (DAXA), an association of South Korean cryptocurrency exchanges, also designated Wemix Coin for “end of trading” status and halted exchange deposits.

“It’s difficult to disclose specifics about the delisting process, but we will do our best to negotiate with DAXA. Our immediate priority is restoring services. If a decision on delisting is made, we will address it then,” Kim explained.

When asked if the notorious North Korean hacker collective Lazarus Group was behind the attack, Wemix CEO Kim said: “We are not currently weighing the possibility of Lazarus involvement.” Still, he acknowledged that external security experts were continuing their investigation.

Lazarus has been linked to numerous high-profile crypto hacks, including the $1.5 billion Ethereum tokens hack on Bybit that took place about three weeks ago.

Protecting investors and security improvements

In the press briefing, Wemix announced it is taking steps to restore investors’ confidence in its products. Kim mentioned that on March 13, the foundation had launched a 100 billion won ($75 million) buyback program, followed by an additional 20 billion won ($15 million) buyback the next day.

Kim also confirmed that the foundation was migrating all of its infrastructure to a new environment to prevent a breach from happening again. “This won’t be the last hack we face, but we will take this as an opportunity to make Wemix a stronger, more secure ecosystem,” he continued.

The CEO added that the company will reevaluate its internal security measures per the recommendations of recently appointed Chief Technology Officer (CTO) Bom-som, a former executive at another blockchain firm.

“Exchange security and internal policies need to be properly built to prevent recurrence,” the new CTO expounded.