SOMESING says 730 million SSX tokens were stolen from 18 foundation wallets on January 27, 2024, with most sent to HTX and smaller amounts to Gate and a wallet believed to be controlled by the attackers. The project traced the movement with Uppsala Security, reported the case to Korean police and KISA, and asked exchanges and the Klaytn Foundation to freeze or tag the suspected wallets. Its later forensic account says a staff member opened a phishing attachment that impersonated a Korean exchange, and an external security firm attributed the intrusion to North Korea's Kimsuky group. The company described the malware as a previously uncataloged downloader that V3 did not fully remove, then outlined stronger monitoring, firewall, custody, and token-burn measures after the incident.