South Korean Telecom Giant Exposes Security Vulnerability! Kakao Executive Clashes with Own Cryptocurrency Wallet

South Korea's largest messaging app KakaoTalk is heavily investing in blockchain technology, launching its own public chain, wallet, and even DeFi protocols. However, its cryptocurrency wallet Klip was hacked in March 2022, raising concerns about its security among users. Recently, local media revealed that executives of a subsidiary under Kakao are suing the company's blockchain division GroundX, demanding compensation for the stolen assets.

₩9 Billion Stolen, Kakao Executive Clashes with Own Company

Klip is an encrypted wallet on Kakao's public chain Klaytn, developed by Kakao's blockchain department, GroundX. According to reports, the victim, Mr. A, is an executive of a subsidiary under Kakao. In March 2022, someone used Mr. A's information to activate a phone number and successfully logged into Mr. A's KakaoTalk and other communication apps.

When Mr. A realized that his KakaoTalk had been hacked, he discovered that his assets had been divided into dozens of transactions and transferred to overseas exchanges. The losses include approximately ₩4 billion worth of digital assets in Klip and around ₩5 billion in digital assets in KLAWswap.

Despite Kakao's significant presence in South Korean society, its blockchain layout has faced challenges. According to DefiLlama data, its TVL has dropped from a peak of $1.27 billion to $32.39 million. The price of Klaytn also took a hit when its founder was wanted.

Account Abstraction Highlights Security Issues, Kakao Gradually Reducing Blockchain Department

Mr. A mentioned that GroundX's identity verification mechanism was too simple, requiring only a KakaoTalk account to access the Klip wallet. When transferring digital assets, one only needed a PIN code without secondary authentication. While this may seem convenient, it also led to insufficient security, as abnormal transaction detection systems failed to prevent unauthorized transfers.

Mr. A believes there are vulnerabilities in Klip's user data management, suggesting that his wallet address and information may have been exposed in advance. He even mentioned that hackers knew in advance that his wallet contained a large amount of encrypted assets, allowing them to target him early on.

In the previous version, Klip had a feature similar to online banking where one could transfer funds by entering a phone number. Although this concept was convenient, it also inadvertently exposed user addresses. Mr. A stated that he had received unknown assets before his account was hacked. Currently, the phone number transfer function has been removed from Klip.

It is understood that Klip has nearly 2 million users, with a relationship similar to Telegram and TON Wallet. However, Kakao is gradually downsizing its blockchain department, having separated Klip from KakaoTalk in July last year and started selling its NFT platform, Klaybay, and NFT marketplace, Klip Drops. Kakao's spokesperson admitted that they are currently integrating the GroundX department.