Wemix Foundation否认试图掩盖安全漏洞，导致超过60万美元的损失

Wemix Foundation否认试图掩盖安全违规的指控，导致损失超过620万美元。

Wemix Foundation has denied allegations of attempting to conceal a security breach that resulted in over $6.2 million in losses. The blockchain firm, a subsidiary of South Korean gaming company Wemade, has been accused of delaying the public announcement of the attack, which was recognized on February 28 but not disclosed until March 4.

Wemix Foundation否认试图掩盖安全违规的指控，导致损失超过620万美元。区块链公司是韩国游戏公司Wemade的子公司，被指控推迟公开宣布这次袭击事件，该袭击事件于2月28日得到认可，但直到3月4日才披露。

However, at an emergency meeting held on Monday, as cited by Korea’s Yonhap News Agency, Wemix Foundation CEO Kim Seok-hwan said that the delay was not an attempt to hide the breach but the company’s “precautionary measure” to prevent any potential further attacks and panic in the market.

但是，在周一举行的紧急会议上，正如韩国Yonhap新闻社的引用，Wemix Foundation首席执行官Kim Seok-Hwan表示，延误不是试图隐藏违规行为，而是该公司的“预防措施”以防止任何潜在的进一步攻击和市场上的恐慌。

“There was no intention to conceal,” Kim told reporters. “The announcement was delayed due to fears of vulnerabilities being exploited and the impact it could have on investor sentiment.”

金说：“无意掩饰。” “由于担心被剥削的脆弱性及其对投资者情绪的影响，该公告被推迟了。”

The CEO apologized multiple times throughout the meeting, bowing his head before and after reading his statement.

在整个会议期间，首席执行官多次道歉，在阅读他的陈述之前和之后鞠躬。

Attack on PlayBridge Bolt causes losses worth millions

对Playbridge螺栓的攻击会造成价值数百万的损失

According to Wemix’s official blog post, the attack targeted the platform’s PlayBridge Bolt, a system for transmitting assets across blockchain networks.

根据Wemix的官方博客文章，该攻击针对该平台的Playbridge Bolt，这是一种用于跨区块链网络传输资产的系统。

The foundation reported that hackers exploited a certification key used in the Nile platform, an NFT-based alternative token service. After successfully breaching the network, the attackers took two months to start generating unusual transactions and withdrew approximately 86.5 million Wemix coins.

该基金会报告说，黑客利用了尼罗河平台中使用的认证密钥，尼罗河平台是基于NFT的替代令牌服务。成功违反网络后，攻击者花了两个月的时间开始产生异常的交易，并撤出了约8650万个Wemix硬币。

Wemix also revealed that the hacker made 15 withdrawal attempts, of which two were unsuccessful. However, the other 13 transactions all went through, and the stolen funds were finally laundered through overseas exchanges.

Wemix还透露，黑客进行了15次撤回尝试，其中两次没有成功。但是，其他13笔交易都进行了，被盗资金终于通过海外交流洗了。

Investigators believe the breach may have originated in mid-2023 when a Wemix operator uploaded sensitive materials to a public repository for ease of development. While the theory remains largely confirmed, the company suspects this may have been the initial point of compromise.

调查人员认为，违规行为可能起源于2023年中期，当时Wemix操作员将敏感材料上传到公共存储库以方便开发。尽管该理论仍然在很大程度上得到证实，但该公司怀疑这可能是妥协的初始点。

Responding to the hacking event

回应黑客活动

In response to the hacking incident, Kim said the foundation “immediately shut down the server in question,” and began analyzing how it exactly happened. The executive stated that a complaint had been filed with the Cyber Investigation Team of the Seoul National Police Agency against the unidentified hacker.

为了应对黑客事件，金说，基金会“立即关闭了有关服务器”，并开始分析它的确切发生方式。高管指出，已向首尔国家警察局的网络调查小组提出了投诉，以针对身份不明的黑客提出投诉。

At the time, the Digital Assets Exchange Co-Consultation (DAXA), an association of South Korean cryptocurrency exchanges, also designated Wemix Coin for “end of trading” status and halted exchange deposits.

当时，韩国加密货币交易所协会的数字资产交易所共享（DAXA）也指定了Wemix Coin的“交易结束”状态和停止的交换存款。

“It’s difficult to disclose specifics about the delisting process, but we will do our best to negotiate with DAXA. Our immediate priority is restoring services. If a decision on delisting is made, we will address it then,” Kim explained.

“很难披露有关偏见过程的细节，但是我们将尽力与Daxa进行谈判。我们的直接优先级是恢复服务。如果做出决定的决定，我们将解决此问题。”金解释说。

When asked if the notorious North Korean hacker collective Lazarus Group was behind the attack, Wemix CEO Kim said: “We are not currently weighing the possibility of Lazarus involvement.” Still, he acknowledged that external security experts were continuing their investigation.

当被问及臭名昭著的北朝鲜黑客集体拉撒路集团是否在袭击中，Wemix首席执行官Kim说：“我们目前没有权衡拉撒路参与的可能性。”尽管如此，他承认外部安全专家正在继续调查。

Lazarus has been linked to numerous high-profile crypto hacks, including the $1.5 billion Ethereum tokens hack on Bybit that took place about three weeks ago.

Lazarus与众多备受瞩目的加密货币有关，其中包括大约三周前发生的15亿美元以太坊令牌黑客攻击。

Protecting investors and security improvements

保护投资者和安全改进

In the press briefing, Wemix announced it is taking steps to restore investors’ confidence in its products. Kim mentioned that on March 13, the foundation had launched a 100 billion won ($75 million) buyback program, followed by an additional 20 billion won ($15 million) buyback the next day.

在新闻发布会上，Wemix宣布正在采取措施恢复投资者对其产品的信心。 Kim提到，3月13日，基金会推出了1000亿韩元（7500万美元）的回购计划，第二天再获得200亿韩元（1500万美元）的回购。

Kim also confirmed that the foundation was migrating all of its infrastructure to a new environment to prevent a breach from happening again. “This won’t be the last hack we face, but we will take this as an opportunity to make Wemix a stronger, more secure ecosystem,” he continued.

金还确认，基金会正在将其所有基础设施迁移到新的环境中，以防止违规再次发生。他继续说：“这将不会是我们面临的最后一个黑客，但我们将把它作为使Wemix成为更强大，更安全的生态系统的机会。”

The CEO added that the company will reevaluate its internal security measures per the recommendations of recently appointed Chief Technology Officer (CTO) Bom-som, a former executive at another blockchain firm.

首席执行官补充说，该公司将根据最近任命的首席技术官（CTO）BOM-SOM的建议重新评估其内部安全措施，后者是另一家区块链公司的前高管。

“Exchange security and internal policies need to be properly built to prevent recurrence,” the new CTO expounded.

新的CTO阐述了：“需要正确制定交换安全性和内部政策，以防止复发。”