The Daily: Upbit flags private key vulnerability, MegaETH to return funds from pre-deposit campaign, Do Kwon requests 5-year jail cap, and more

The following article is adapted from The Block’s newsletter,  The Daily , which comes out on weekday afternoons.

Happy Friday! Bitcoin is holding near $91,500 through the holiday lull, but analysts warn that whale inflows to Binance hitting a yearly high of $7.5 billion hint at volatility ahead.

In today's newsletter, Upbit uncovers an internal wallet flaw that could let attackers derive private keys, Do Kwon requests a five-year prison term cap, and more.

Meanwhile, Europe's largest asset manager, Amundi, tokenizes its first money market fund on Ethereum.

P.S. Don't forget to check out The Funding, a biweekly rundown of crypto VC trends. It's a great read — and just like The Daily, it's free to subscribe !

Upbit says emergency audit of $30M hack uncovered internal wallet flaw that could let attackers derive private keys

Upbit uncovered and patched an internal wallet flaw during an emergency audit following its $30 million hack this week, saying the vulnerability could have let attackers derive private keys from onchain data.

• The crypto exchange did not directly link the flaw to the breach and found it only after reviewing systems following the abnormal Solana-based token withdrawals on Nov. 27, CEO Oh Kyung-seok said Friday.
• While normal blockchain data doesn't reveal private keys, Upbit's own wallet software appears to have generated weak signatures that could let an attacker reconstruct certain keys by analyzing its past onchain transactions.
• Upbit halted deposits and withdrawals amid the exploit and launched a full inspection of wallet infrastructure while successfully freezing roughly $1.5 million in stolen assets.
• The exchange moved its remaining funds to cold storage, began a full wallet overhaul, and pledged to cover all customer losses from its own reserves.
• On Thursday, South Korean authorities also opened an investigation into the incident as early intelligence reports pointed to possible involvement from North Korea's Lazarus Group.

MegaETH将退还所有预存资金，因执行问题致计划调整

MegaETH，作为以太坊Layer 2扩容解决方案，将退还预存通道活动中募集的全部资金，这是因为期间出现宕机、预存上限调整与多签配置失误，导致活动提前重启。

• 团队承认上线过程存在失误，USDm稳定币预存活动中的执行问题削弱了预先注入主网抵押物的目标。
• 因4-of-4多签配置错误，外部方提前执行了上限增加，最终存款远超原定2.5亿美元，达到4亿美元。
• MegaETH表示，一旦审计合约准备就绪，将启动退款流程，并计划在主网beta前重新开放USDC–USDm兑换桥以丰富流动性。

Do Kwon requests 5-year prison term cap in $40 billion Terra fraud case

Terraform Labs founder Do Kwon asked a U.S. court to cap his prison sentence at five years ahead of his Dec. 11 sentencing for fraud tied to the $40 billion collapse of the Terra-Luna ecosystem.

• His attorneys argued the government's 12-year recommendation overlooks mitigating factors, including Kwon's cooperation and the role of third-party actors in exploiting Terra's vulnerabilities.
• The filing cites Kwon's undisclosed deal with Jump Trading and frames his actions as driven by hubris and desperation rather than personal enrichment.
• Kwon's lawyers also pointed to his nearly two years of detention in Montenegro and noted he still faces a separate 40-year sentence request from South Korean prosecutors.

BitMine buys $44 million worth of Ethereum as Tom Lee gives bullish outlook

BitMine added 14,618 ETH to its treasury on Thursday, worth roughly $44 million, according to data from Arkham, though the firm has not formally confirmed the transaction.

• The move follows BitMine's recent $200 million buy and pushes its Ethereum holdings toward its goal of owning 5% of the total supply.
• As of its last official announcement, BitMine holds 3,629,701 ETH worth about $10.9 billion.
• In a recent interview, Chair Tom Lee reiterated his long-term bullish stance, predicting ETH could climb to between $7,000 and $9,000 by January after bottoming near $2,500.
• Lee also forecast a dovish Fed pivot that could lift broader crypto markets, adding that bitcoin could break above $100,000 again this year.

Balancer plans to distribute $8 million in recovered funds from $128 million exploit

Balancer proposed distributing $8 million in rescued assets to liquidity providers hit by its $128 million exploit earlier this month, using a non-socialized, pro-rata model tied to BPT balances at the time of the attack.

• The recovery effort salvaged roughly $28 million in total through internal operations and white hat interventions, though $19.7 million in osETH and osGNO remains under StakeWise management, it said.
• Six white hats who recovered $3.9 million will receive 10% bounties subject to identity checks, with a 180-day claim window for the broader distribution before unclaimed assets require a governance vote on reallocation.

Looking ahead to next week

• Eurozone CPI inflation data are out on Tuesday. U.S. jobless claims follow on Thursday. Eurozone GDP numbers and U.S. PCE figures are due on Friday.
• U.S. Federal Reserve Chair Jerome Powell will speak on Monday. ECB President Christine Lagarde speaks on Wednesday.
• Hyperliquid, Celo, Zora, Optimism, dYdX, Ethena, EigenLayer, and Sui are among the crypto projects set for token unlocks .
• India Blockchain Week gets underway in Bengaluru. Africa Bitcoin Conference kicks off in Mauritius.

Never miss a beat with The Block's  daily digest  of the most influential events happening across the digital asset ecosystem.