On April 9, South Korean crypto exchange GDAC fell victim to a hot wallet hack, resulting in the loss of at least $13 million in Bitcoin (BTC), Ethereum (ETH), WEMIX, and USDT.

GDAC’s monitoring system detected the hack, and the exchange immediately suspended deposits and withdrawals while alerting the authorities.

The hacker managed to steal 60.81 BTC (approximately $1.7 million), 350.50 ETH ($649,000), 10,000,000 WEMIX ($11.4 million), and 220,000 USDT ($220,000). This accounts for 23% of GDAC’s assets under custody.

After discovering the breach, the Seoul-based exchange contacted the police and reported the incident to the Korea Internet and Security Agency. Additionally, GDAC notified the Financial Intelligence Unit, the government agency responsible for preventing money laundering and terrorist financing. The exchange has also asked other platforms to prevent deposits from a wallet address holding the stolen funds.

Hong Kong’s upcoming crypto legislation proposes that crypto custodians can hold up to 2% of customer assets in hot wallets. Platforms must also hold insurance to cover custody risks.

Meanwhile, security firm BlockSec managed to recover 100 ETH from a DeFi hack that exploited a bug in SushiSwap’s Router2Processor2 smart contract on April 9. PeckShield initially reported that the hack cost one user at least 1,800 ETH ($3.3 million).