Notification on the progress of the SSX hacking incident

4 min readFeb 15, 2024

Dear SOMESING Community Members,

First and foremost, the SOMESING team extends its sincere apologies for the considerable concern caused to the SOMESING community and other industry members due to the hacking incident involving SSX tokens on January 27.

We would like to communicate with the community regarding the project’s response and action plans against this hacking incident and provide an explanation to the fullest extent.

1. Major history of the Hacking Incident

In the early hours of January 27, 2024, an unforeseen attack by an unidentified group of hackers resulted in the withdrawal of foundation-owned SSX tokens.


As soon as we became aware of the incident on January 27, we promptly informed both domestic and foreign exchanges about the hacking and urgently requested the suspension of deposits and withdrawals. Additionally, we collaborated with Uppsala Security, an official partner of Interpol, to trace the movement of the withdrawn SSX tokens. Following an in-depth analysis of movement paths, we expeditiously shared pertinent information concerning the wallet addresses utilized by the hackers with both domestic and foreign exchanges. Consequently, formal requests were made to these exchanges to freeze accounts identified as belonging to the hackers. Subsequently, we received confirmation of the completed freeze from an official at the pertinent exchange where the fund transfer was verified. Furthermore, Uppsala Security’s conclusive analysis report was submitted to DAXA as an attachment to the project’s clarification materials.

Furthermore, information regarding the wallet containing the stolen SSX, which remained untransferred to exchanges, was reported to all domestic and foreign exchanges. We additionally requested the attachment of a warning tag to the wallet and urged for immediate freezing measures in case of any future try to move the asset.

Upon immediate awareness of the incident on January 27th, we swiftly lodged an emergency request with both domestic and overseas exchanges and promptly reported the matter to the Cyber Investigation Unit of the National Police Agency. Simultaneously, on the same day, we visited the local police station and requested expedited investigation procedures through an offline report. Furthermore, we reported the hacking incident to the Korea Internet & Security Agency (KISA) and conducted a security inspection and analysis in collaboration with KISA and an external security company. The analysis report from the external security company has been submitted to DAXA, and the findings of KISA’s review of the infringement incident analysis and response are scheduled to be submitted to DAXA by the end of February.

2. Hacking Path Analysis

Following digital forensics and network log analysis conducted by an external security firm, it was determined that the SSX hacking incident was perpetrated by an external professional hacking group. The analysis report was duly submitted to the Cyber Investigation Unit of the National Police Agency, KISA, and DAXA. It is imperative to note that disclosure of information regarding the hacking group is withheld at this juncture, pending ongoing investigation. Further updates will be disseminated through subsequent notices as developments unfold.

3. Foundation’s Measures to Monitor Excessive Circulating Supply of SSX

The SOMESING team has submitted an amended circulating supply plan to each exchange to reflect the unexpected increase in circulating supply resulting from the hacking incident. Through collaborative efforts with the Xangle team, real-time monitoring of circulating supply based on the updated plan in the Live Watch resumed in a ‘Normal’ state from 10 AM on February 7, 2024.

4. Project’s Response to DAXA Clarification Data Request

In light of the hacking incident, the actual circulating supply volume surpassed the team’s previously announced plan, significantly undermining investor and community trust, a core tenet we have steadfastly pursued. Nonetheless, prior to the hacking incident, the SOMESING team had been at the vanguard of disclosure, revealing circulating supply volume for the first time among projects via Market Cap API integration with the Upbit Exchange. Additionally, SOMESING was the inaugural DApp to proactively introduced Xangle’s Live Watch solution, establishing a real-time monitoring system for SSX and future circulating supply plans, while strictly adhering to the predefined plan without over-distribution of SSX.

Subsequent to DAXA’s issuance of the investment warning flag on SSX on January 29, the SOMESING team diligently submitted all available materials on February 7 and February 13 in response to DAXA’s request for clarification materials. These materials encompassed comprehensive details of the hacking incident, preventive measures adopted by the project, and the overarching project response to the hacking incident.

We believe that the restoration of the trust in the project, which was damaged due to the heightened circulating supply of SSX resulting from this hacking incident, lies in the project’s growth and acknowledgment of its value through SOMESING’s global expansion and ecosystem growth, as outlined in the previously disclosed business strategy and plan.

However, we wholeheartedly acknowledge the project’s complete responsibility for the occurrence of this hacking incident and will be committed to ensuring the project’s reliability, which has been compromised by the surge in distribution resulting from the hacking, by outlining a feasible model to rebuild trust. All finalized decisions will be communicated and implemented in advance.

The SOMESING project is committed to exerting every possible effort to track and recover the stolen assets. Furthermore, it will persist in collaborating with all pertinent agencies, including investigative bodies.

Lastly, we will do our best to actively communicate with DAXA even during the extended investment warning period.

Thank you,