{"id":84944,"date":"2023-09-25T11:09:41","date_gmt":"2023-09-25T08:09:41","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=84944"},"modified":"2025-09-12T20:23:25","modified_gmt":"2025-09-12T17:23:25","slug":"upbit-handles-fraudulent-aptos-tokens","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/upbit-handles-fraudulent-aptos-tokens\/","title":{"rendered":"Upbit Handles Fraudulent Aptos Tokens"},"content":{"rendered":"<p>On 24 September, Upbit users received <a href=\"https:\/\/apscan.io\/account\/0xc4f4e73e689b13799d6a1a52a9db1e0099de2e16967ca9bff97e9946dbedc4e9\">fraudulent ClaimAPTGift tokens<\/a> as part of<a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-cryptocurrency-airdrop\"> an airdrop<\/a> without submitting the corresponding request. The exchange&#8217;s system treated the asset as Aptos (APT).<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\u26a1\ufe0fHow did such a huge and foolish incident occur?<\/p>\n<p>\u2014 It seems that during the process of reflecting <a href=\"https:\/\/twitter.com\/search?q=%24APT&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$APT<\/a> coin deposits, there was a failure to check the type arguments, and all same functions transfers were recognized as the same APT native token.<br \/>\u2014 Under normal circumstances,\u2026 <a href=\"https:\/\/t.co\/CvDgTdqnGl\">https:\/\/t.co\/CvDgTdqnGl<\/a> <a href=\"https:\/\/t.co\/8gEx5YnOLH\">pic.twitter.com\/8gEx5YnOLH<\/a><\/p>\n<p>\u2014 Definalist (@definalist) <a href=\"https:\/\/twitter.com\/definalist\/status\/1705916604473901076?ref_src=twsrc%5Etfw\">September 24, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to Definalist, the only explanation for the situation is that the wallet management system checked only the token type and data, without proper verification of its source code.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;It seems that during the processing of APT deposits there was a failure to check the type arguments. All transfers of the same functions were recognised as the APT coin. If all tokens of the Aptos ecosystem had been sent to the Upbit wallet, they would have been erroneously identified as APT,&#8221; he explained.<\/em><\/p>\n<\/blockquote>\n<p>Definalist, citing the creator of _TUNA_BOT under the handle Mingmingbbs, noted that the catastrophe was averted by the fact that the price of ClaimAPTGift had six digits after the decimal, while APT has eight.<\/p>\n<p>Under such a scenario, all users would have received $25,000 instead of $250. As a result, thousands of customers could have dumped &#8216;APT&#8217; for $25,000, causing significant disruptions.<\/p>\n<p>Following the detection of the &#8216;non-standard deposit attempt&#8217; of APT, the exchange&#8217;s specialists initiated a review. The platform suspended processing of transactions involving the asset and resumed after addressing the issue.<\/p>\n<p>Some recipients of ClaimAPTGift sold the &#8216;APT&#8217;, after which Upbit&#8217;s support team asked them to return the funds.<\/p>\n<p>Earlier in August, the Aptos team<a href=\"https:\/\/forklog.com\/en\/news\/aptos-team-unveils-a-flexible-token-standard\"> unveiled<\/a> a &#8216;flexible&#8217; token standard. According to the statement, the new form enables seamless airdrops, individual asset binding, and improved performance. <\/p>\n<p>Earlier, ForkLog reported on<a href=\"https:\/\/forklog.com\/en\/news\/pepe-telegram-account-hacked-and-fake-gbtc-token-airdrop\"> a fraudulent airdrop<\/a> of Grayscale Investments tokens.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On 24 September, Upbit users received fraudulent ClaimAPTGift tokens as part of an airdrop without submitting the corresponding request. The exchange&#8217;s system treated the asset as Aptos (APT).<\/p>\n","protected":false},"author":1,"featured_media":84945,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1158,1393,1166,1246,1503],"class_list":["post-84944","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-airdrops","tag-aptos-apt","tag-centralized-exchanges-cex","tag-scammers","tag-upbit"],"aioseo_notices":[],"amp_enabled":true,"views":"16","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/84944","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=84944"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/84944\/revisions"}],"predecessor-version":[{"id":84946,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/84944\/revisions\/84946"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/84945"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=84944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=84944"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=84944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}