Wemix Foundation否認試圖掩蓋安全漏洞，導致超過60萬美元的損失

Wemix Foundation否認試圖掩蓋安全違規的指控，導致損失超過620萬美元。

Wemix Foundation has denied allegations of attempting to conceal a security breach that resulted in over $6.2 million in losses. The blockchain firm, a subsidiary of South Korean gaming company Wemade, has been accused of delaying the public announcement of the attack, which was recognized on February 28 but not disclosed until March 4.

Wemix Foundation否認試圖掩蓋安全違規的指控，導致損失超過620萬美元。區塊鏈公司是韓國遊戲公司Wemade的子公司，被指控推遲公開宣布這次襲擊事件，該襲擊事件於2月28日得到認可，但直到3月4日才披露。

However, at an emergency meeting held on Monday, as cited by Korea’s Yonhap News Agency, Wemix Foundation CEO Kim Seok-hwan said that the delay was not an attempt to hide the breach but the company’s “precautionary measure” to prevent any potential further attacks and panic in the market.

但是，在周一舉行的緊急會議上，正如韓國Yonhap新聞社的引用，Wemix Foundation首席執行官Kim Seok-Hwan表示，延誤不是試圖隱藏違規行為，而是該公司的“預防措施”以防止任何潛在的進一步攻擊和市場上的恐慌。

“There was no intention to conceal,” Kim told reporters. “The announcement was delayed due to fears of vulnerabilities being exploited and the impact it could have on investor sentiment.”

金說：“無意掩飾。” “由於擔心被剝削的脆弱性及其對投資者情緒的影響，該公告被推遲了。”

The CEO apologized multiple times throughout the meeting, bowing his head before and after reading his statement.

在整個會議期間，首席執行官多次道歉，在閱讀他的陳述之前和之後鞠躬。

Attack on PlayBridge Bolt causes losses worth millions

對Playbridge螺栓的攻擊會造成價值數百萬的損失

According to Wemix’s official blog post, the attack targeted the platform’s PlayBridge Bolt, a system for transmitting assets across blockchain networks.

根據Wemix的官方博客文章，該攻擊針對該平台的Playbridge Bolt，這是一種用於跨區塊鍊網絡傳輸資產的系統。

The foundation reported that hackers exploited a certification key used in the Nile platform, an NFT-based alternative token service. After successfully breaching the network, the attackers took two months to start generating unusual transactions and withdrew approximately 86.5 million Wemix coins.

該基金會報告說，黑客利用了尼羅河平台中使用的認證密鑰，尼羅河平台是基於NFT的替代令牌服務。成功違反網絡後，攻擊者花了兩個月的時間開始產生異常的交易，並撤出了約8650萬個Wemix硬幣。

Wemix also revealed that the hacker made 15 withdrawal attempts, of which two were unsuccessful. However, the other 13 transactions all went through, and the stolen funds were finally laundered through overseas exchanges.

Wemix還透露，黑客進行了15次撤回嘗試，其中兩次沒有成功。但是，其他13筆交易都進行了，被盜資金終於通過海外交流洗了。

Investigators believe the breach may have originated in mid-2023 when a Wemix operator uploaded sensitive materials to a public repository for ease of development. While the theory remains largely confirmed, the company suspects this may have been the initial point of compromise.

調查人員認為，違規行為可能起源於2023年中期，當時Wemix操作員將敏感材料上傳到公共存儲庫以方便開發。儘管該理論仍然在很大程度上得到證實，但該公司懷疑這可能是妥協的初始點。

Responding to the hacking event

回應黑客活動

In response to the hacking incident, Kim said the foundation “immediately shut down the server in question,” and began analyzing how it exactly happened. The executive stated that a complaint had been filed with the Cyber Investigation Team of the Seoul National Police Agency against the unidentified hacker.

為了應對黑客事件，金說，基金會“立即關閉了有關服務器”，並開始分析它的確切發生方式。高管指出，已向首爾國家警察局的網絡調查小組提出了投訴，以針對身份不明的黑客提出投訴。

At the time, the Digital Assets Exchange Co-Consultation (DAXA), an association of South Korean cryptocurrency exchanges, also designated Wemix Coin for “end of trading” status and halted exchange deposits.

當時，韓國加密貨幣交易所協會的數字資產交易所共享（DAXA）也指定了Wemix Coin的“交易結束”狀態和停止的交換存款。

“It’s difficult to disclose specifics about the delisting process, but we will do our best to negotiate with DAXA. Our immediate priority is restoring services. If a decision on delisting is made, we will address it then,” Kim explained.

“很難披露有關偏見過程的細節，但是我們將盡力與Daxa進行談判。我們的直接優先級是恢復服務。如果做出決定的決定，我們將解決此問題。”金解釋說。

When asked if the notorious North Korean hacker collective Lazarus Group was behind the attack, Wemix CEO Kim said: “We are not currently weighing the possibility of Lazarus involvement.” Still, he acknowledged that external security experts were continuing their investigation.

當被問及臭名昭著的北朝鮮黑客集體拉撒路集團是否在襲擊中，Wemix首席執行官Kim說：“我們目前沒有權衡拉撒路參與的可能性。”儘管如此，他承認外部安全專家正在繼續調查。

Lazarus has been linked to numerous high-profile crypto hacks, including the $1.5 billion Ethereum tokens hack on Bybit that took place about three weeks ago.

Lazarus與眾多備受矚目的加密貨幣有關，其中包括大約三週前發生的15億美元以太坊令牌黑客攻擊。

Protecting investors and security improvements

保護投資者和安全改進

In the press briefing, Wemix announced it is taking steps to restore investors’ confidence in its products. Kim mentioned that on March 13, the foundation had launched a 100 billion won ($75 million) buyback program, followed by an additional 20 billion won ($15 million) buyback the next day.

在新聞發布會上，Wemix宣布正在採取措施恢復投資者對其產品的信心。 Kim提到，3月13日，基金會推出了1000億韓元（7500萬美元）的回購計劃，第二天再獲得200億韓元（1500萬美元）的回購。

Kim also confirmed that the foundation was migrating all of its infrastructure to a new environment to prevent a breach from happening again. “This won’t be the last hack we face, but we will take this as an opportunity to make Wemix a stronger, more secure ecosystem,” he continued.

金還確認，基金會正在將其所有基礎設施遷移到新的環境中，以防止違規再次發生。他繼續說：“這將不會是我們面臨的最後一個黑客，但我們將把它作為使Wemix成為更強大，更安全的生態系統的機會。”

The CEO added that the company will reevaluate its internal security measures per the recommendations of recently appointed Chief Technology Officer (CTO) Bom-som, a former executive at another blockchain firm.

首席執行官補充說，該公司將根據最近任命的首席技術官（CTO）BOM-SOM的建議重新評估其內部安全措施，後者是另一家區塊鏈公司的前高管。

“Exchange security and internal policies need to be properly built to prevent recurrence,” the new CTO expounded.

新的CTO闡述了：“需要正確制定交換安全性和內部政策，以防止複發。”