Bithumb, the largest bitcoin exchange in South Korea alongside Upbit, has been hacked for around $20 million. The company said that user funds stored in crypto cold storage wallets were not hacked, but corporate funds were moved.
Cold storage wallets are offline wallets, not connected to the internet, that major exchanges use to keep user funds out of reach in potential security breaches.
In a surprising turn of events, Bithumb disclosed that it believes the hack was an inside job and funds might have been moved by individuals associated with the company.
The Bithumb hack comes about a year after Coincheck, the biggest exchange in Japan, was hacked and less than nine months after Bithumb was last hacked in 2018.
In its official statement, Bithumb said that the company is conducting intensive investigations with cyber authorities in South Korea, acknowledging the incident as an inside job.
“As a result of the internal inspection, it is judged that the incident is an ‘accident involving insiders.’ Based on the facts, we are conducting intensive investigations with KISA, Cyber Police Agency and security companies. At the same time, we are working with major exchanges and foundations and expect to recover the loss of the cryptocurrency equivalent,” the statement read.
Bithumb said that the exchange has increasingly focused on preventing external attacks and hacking attacks in the past year, which is evident in the exchange ratings released by the Korea Internet & Security Agency (KISA) in August 2018.
Previously, KISA investigated all bitcoin exchanges in South Korea to find potential vulnerabilities and poor security measures on the country’s crypto asset trading platforms.
The agency found most exchanges to have weak security systems in place but cleared Bithumb, Upbit, Korbit, Coinnest, Coinlink, Coinone, Coinplug, and Huobi for having robust security and internal management systems.
“There still exist many cryptocurrency exchanges with subpar security systems and as such, investors are cautioned in investing through unrecognized platforms. The government will continue to monitor and evaluate cryptocurrency exchanges to improve the standard of security employed by trading platforms,” Kim Jeong-sam, the information protection officer at KISA, said at the time.
As explained by Bithumb, the company failed to consider the possibility of insiders, including employees and contractors, breaching the exchange's systems to steal millions in funds held by the company.
One positive takeaway from the incident is that Bithumb stored most of the user funds in cold wallets that cannot be accessed by hackers and the damage was limited as a result.
More importantly, the stolen funds were reportedly sent to other exchanges, where they can be recovered if frozen immediately.
But it remains uncertain how a company could prevent similar incidents from occurring in the future and keep insiders from engaging in malicious activities.
The company said:
“Bithumb exchange is certified ISMS and applied to multi-signature withdrawal scheme. We constantly monitor and block external hacking. However, it was our fault that we only focused on defense of outside attack and lack of verification of internal staff.”
The exchange said that it would essentially overhaul its internal workforce verification system and restrict the authority employees and contractors have over the internal management system used by the firm.
The recent hacking attack suffered by Bithumb is not as serious as previous security breaches because user funds were not lost in the process and the system of the exchange was not exploited.
But it raises a new threat in the bitcoin exchange ecosystem, and in the near term, major cryptocurrency trading platforms will have to find solutions to prevent similar incidents from arising.
Last modified: January 10, 2020 3:14 PM UTC