A deceptive token masquerading as a legitimate version of Aptos briefly disrupted operations on the South Korean exchange Upbit, specifically affecting the APT token.
This interruption occurred as some users managed to deposit and withdraw the fraudulent coin.
On-chain data reveals that this token, which emanated from the airdrop scam site ClaimAPTGift.com, resides in approximately 400,000 wallets.
An user on X (formerly known as Twitter) pointed out a vulnerability in Upbit’s system that allowed the acceptance of fake tokens due to a lack of thorough source code scrutiny.
During the deposit process of $APT coins on UpBit, an oversight occurred in verifying type arguments, resulting in all transfers being identified as native APT tokens.
This deviation from standard protocols highlights the significance of robust checks to distinguish between tokens.
MingMingBBS, co-founder of Tuna_Bot, said:
“Amidst the misfortune, the scammer’s token’s decimal difference from the native token prevented what could have been a significant market disruption. If not for this decimal difference, users might have been credited ten times their expected value.”
Although deposits and withdrawals were temporarily halted, Upbit announced the resumption of services for the token by Sunday night in Korea time, as indicated in their statement.
However, it has issued a cautionary note regarding potential pricing disparities when engaging with other exchanges subsequent to the suspension.
The statement reads:
“There is a possibility that the price may change drastically when [APT] deposits and withdrawals resume. Please pay special attention to the price differences with other exchanges that occurred during the suspension of [APT] deposits and withdrawals.”