A token that’s designed to fool users into thinking it’s an authentic version of Aptos temporarily shut down services on Korean exchange Upbit for the APT token after some were able to deposit and cash out the counterfeit coin.

According to on-chain data, the token, which originated from the airdrop scam site ClaimAPTGift.com, is held by approximately 400,000 wallets.

On X (formerly known as Twitter), one user highlighted a bug on Upbit that caused the exchange to accept the fake tokens because it didn’t thoroughly check the underlying source code.

During the deposit process of $APT coins on UpBit, there was an oversight in verifying type arguments, causing all transfers to be identified as native APT tokens. Under standard protocols, certain checks should differentiate tokens, but this wasn’t the case, user MingMingBBS, co-founder of Tuna_Bot, said to Definalist.

“Amidst the misfortune, the scammer’s token’s decimal difference from the native token prevented what could have been a significant market disruption. If not for this decimal difference, users might have been credited ten times their expected value,” they continued.

While deposits and withdrawals were temporarily suspended, Upbit resumed services for the token by Sunday night Korea time, it said in a statement.