The $50 Million Bug: A Transparent Look at the Ylsoo Pay Beta Incident

At Ylsoo, we have always promised that transparency isn’t just something we practice when things are going well; it is most critical when things go wrong.

This week, things went wrong.

We are writing this post to address a significant incident that occurred within the closed beta environment of our new payment platform, Ylsoo Pay. Due to a critical logic error—a "bug"—in the transaction reconciliation layer of the beta software, Ylsoo incurred an internal financial loss of approximately $50 million USD.

This is a humbling moment for our company. Before we dive into the details, I want to make the most important point immediately clear:

Crucial: User Funds Are Safe

We want to unequivocally state that zero user funds were affected by this incident. The $50 million loss was entirely absorbed by Ylsoo’s corporate treasury. The bug affected how our internal systems balanced their own books during high-velocity transactions, essentially causing our system to "overpay" from our own accounts into a closed testing loop. Customer balances, savings, and investments remain secure and untouched.

What Happened?

We launched the Ylsoo Pay Beta to stress-test our new infrastructure before rolling it out globally. Betas are, by definition, designed to find breaks in a system. Unfortunately, we found a break that was far larger than anticipated.

The Technical Breakdown: The root cause was a complex "race condition" bug located in the settlement engine of the beta. In simple terms:

When a specific sequence of high-frequency transactions occurred simultaneously, the system failed to lock the transaction state correctly.

This resulted in the system "double-counting" certain outgoing corporate payments before the initial transaction was marked as complete.

Because this was happening at the speed of light across millions of test transactions, the discrepancy compounded rapidly before our automated tripwires shut down the system.
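
A minimal model of the failure described above, as an added example that is not Ylsoo's code: two workers settle the same payment, first with an unlocked check-then-act on the transaction state, then with the check and the state change made one step under a lock. The class, method names, payment id and amounts are constructed for illustration, and a barrier forces the bad interleaving so the result is repeatable.

```python
import threading


class SettlementEngine:
    """Constructed model: one corporate payment, two workers settling it."""

    def __init__(self):
        self.state = {}            # payment_id -> "PENDING" or "COMPLETE"
        self.payouts = []          # one entry per outgoing payment
        self._lock = threading.Lock()

    def settle_unlocked(self, pid, amount, gate):
        # Check-then-act without a lock: the state is read here ...
        if self.state.get(pid, "PENDING") == "PENDING":
            gate.wait()            # both workers have now passed the check
            self.payouts.append(amount)
            self.state[pid] = "COMPLETE"   # ... and only written here

    def settle_locked(self, pid, amount, gate):
        gate.wait()                # both workers arrive at the same moment
        # The check and the state change happen as one step under the lock.
        with self._lock:
            if self.state.get(pid, "PENDING") != "PENDING":
                return             # already settled by the other worker
            self.state[pid] = "COMPLETE"
            self.payouts.append(amount)


def total_paid(method_name, amount=100):
    """Run two concurrent workers on the same payment; return the total paid."""
    engine = SettlementEngine()
    gate = threading.Barrier(2)
    workers = [
        threading.Thread(target=getattr(engine, method_name),
                         args=("pay-1", amount, gate))
        for _ in range(2)
    ]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return sum(engine.payouts)


if __name__ == "__main__":
    print("unlocked:", total_paid("settle_unlocked"))  # 200, paid twice
    print("locked:  ", total_paid("settle_locked"))    # 100, paid once
```

In a real settlement path the same guarantee usually comes from the datastore (a conditional update or row lock on the transaction record) rather than an in-process lock, since workers run on separate hosts.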

The Immediate Response

Our security and engineering teams detected the anomaly within minutes of the threshold being crossed. We immediately took the following steps:

Total Shutdown of Beta: The Ylsoo Pay Beta environment was completely taken offline to stop the financial loss instantly.

Isolation of Funds: Affected corporate accounts were frozen to prevent further movement while we audited the damage.

Root Cause Analysis: Within four hours, our engineering team identified the specific lines of code responsible for the race condition.

The Path Forward: Fixing It and Rebuilding Trust

A $50 million mistake is not something you just patch and move on from. It requires a fundamental re-evaluation of our testing protocols. We are taking the following aggressive steps to ensure this never happens again:

External Audit: We have hired a leading third-party cybersecurity firm to perform a "ground-up" audit of the Ylsoo Pay code.

Enhanced Circuit Breakers: We are implementing "Hard-Stop" triggers. If a discrepancy of even a few dollars is detected in the future, the entire system will automatically freeze until manually reviewed.

Expansion of Bug Bounty: We are doubling our rewards for white-hat hackers who find vulnerabilities in our settlement layers.

A Final Note from Luan Kenning

"Innovation comes with risks, but those risks should be ours to bear, not yours. While this is a significant financial hit for Ylsoo, our balance sheet remains strong, and our commitment to building the future of payments is unshaken. We will learn from this, we will grow, and we will be better for it."

Thank you for your continued trust. We don't take it for granted.

Best,

Luan Kenning
CEO, Ylsoo