Bithumb, the fourth largest Bitcoin and the biggest Ethereum exchange has been just hacked. The unfortunate event has resulted in the loss of over $1 million in cryptocurrencies. As for the hacking itself, it has been done via compromised user accounts.
The Bithumb Hack: What Are the Damages?
Bithumb is in fact South Korea’s largest cryptocurrency exchange with 20% of global Ethereum trades. Approximately 10% of the global Bitcoin trade is exchanged for Won, the local currency.
A cyberattack has led to the loss of billions of Won from customers’ accounts, as reported by BraveNewCoin. A major local newspaper, the Kyunghyang Shinmun, a single victim claims reveal that Bitcoins worth 10 million won in the victim’s account disappeared for seconds. Victims of the hack who were surveyed say that hundreds of millions of won have been withdrawn from accounts of 100 investors. Another member says that 1.2 billion won were stolen from his account.
Apparently, hackers successfully grabbed the personal information of 31,800 Bithumb users. Emails, mobile phone numbers, and email addresses have been harvested. Bithumb says that the numbers depics around 3% of customers.
Bithumb discovered the breach on June 29 and reported it to the authorities the next day. More than 100 of their customers have files complaints with the National Police Agency’s cybercrime report center. Interestingly, the exchange has admitted to being breached but has said that no direct access to funds on the platform has been seen.
On the contrary, customers report their digital currency wallets being emptied, as evident by the numbers quoted above. Bithumb also claims that the attack started from a personal employee computer, not their internal network, servers or wallets.
Bithumb’s Response
This is what Bithumb has said regarding the hack:
The employee PC, not the head office server, was hacked. Personal information such as mobile phone and email address of some users were leaked. However, some customers were found to have been stolen from because of the disposable password used in electronic financial transactions.
The information stolen in the hack may lead to vishing attempts where scammers call victims on their phones and pose as Bithumb representatives, which may lead to further damage.
Bithumb has published an official statement saying that “compensation for personal information leakage cases has been decided,” and they would pay up to 100,000 won per person.
It is also not known yet whether the exchange will be held legally responsible for the lost funds. As pointed out by experts, this situation is quite complicated due to lack of regulation in terms of digital currencies in South Korea.