Theori ChainLight analyzed the April 2023 GDAC exchange theft and assessed that the attacker may have compromised internal API infrastructure rather than simply stealing private keys. The report highlights unusual sweep transactions from many user deposit addresses into GDAC hot wallets before attacker withdrawals, sorted deposit-address balances, and gas-limit behavior matching GDAC's normal withdrawal system. The incident involved roughly 10 million WEMIX, about 18 billion KRW in reported losses, and selective theft of BTC, ETH, WEMIX, and USDT while other ERC-20 assets remained untouched. Theori recommended continued fund tracing and potential ecosystem-level controls such as bridge, DEX, blacklist, and law-enforcement coordination.