KakaoTalk, South Korea's largest communication software, vigorously develops blockchain technology and launches its own public chain, wallet and even DeFi protocol. However, its encrypted wallet Klip was stolen in March 2022, which also caused users to question its security. Recently, local media revealed that executives of Kakao’s subsidiaries are suing the company’s blockchain unit GroundX, demanding compensation for the theft of its assets.
9 billion won in assets were stolen, Kakao executives took advantage of their own company
Klip is Kakao’s encrypted wallet on its public chain Klaytn, developed by Kakao’s blockchain department GroundX. According to reports, the victim, Mr. A, was an executive at a subsidiary of Kakao. In March 2022, someone used Mr. A’s information to activate a phone number and successfully logged into Mr. A’s KakaoTalk and other communication software.
When Mr. A discovered that his KakaoTalk had been stolen, he discovered that his assets had been divided into dozens of transactions and withdrawn to overseas exchanges. The amount of loss includes 4 billion won worth of digital assets in Klip and approximately 5 billion won in digital assets in KLAWswap.
Although Kakao plays a pivotal role in Korean society, its blockchain layout is not so smooth. Its TVL has fallen to $32.39 million from a high of $1.27 billion, according to DefiLlama data. When its founder was wanted, Klaytn’s currency price was hit hard.
Account abstraction highlights security issues, Kakao is gradually reducing its blockchain department
Mr. A said that GroundX’s identity authentication mechanism is too simple. You only need to log in to your KakaoTalk account to log in to the Klip wallet. When transferring digital assets, you only need to obtain the PIN code and you can transfer without secondary authentication. It sounds nice that no complicated procedures are required, but it also leads to insufficient security, and the abnormal transaction detection system failed to prevent abnormal remittances.
Mr. A believes that there are loopholes in Klip’s user information management, so his wallet address and information may have been exposed in advance. He even said that the hackers knew beforehand that he had a large amount of crypto assets stored in his wallet, and therefore targeted him in advance.
In the version at that time, Klip had a very convenient function for online banking. You could transfer funds by entering your phone number. Although this is a bit of an account abstraction, it also makes the user's address public in disguise. Mr. A stated that he received unknown assets before his account was compromised. Currently, Klip has removed the phone number transfer feature.
It is understood that Klip has nearly 2 million users, and it can be understood that its relationship is similar to Telegram and TON Wallet. However, Kakao is gradually reducing its blockchain department. It separated Klip from KakaoTalk in July last year and gradually sold its NFT Klaybay and NFT trading market Klip Drops. A spokesperson for Kakao also admitted that it is currently integrating the GroundX unit.
This article South Korean communications giant exposes security vulnerabilities! Kakao executives talk about their own encryption wallet first appeared on Chain News ABMedia.