South Korean bitcoin exchange Bithumb has promised to compensate users following a data breach of users’ personal details leading to the theft of funds from multiple user accounts.
A cyberattack targeting Bithumb, South Korea’s largest bitcoin and Ethereum exchange by trading volume, has resulted in the loss of personal data belonging to an estimated 31,000 users, or 3% of its members, as reported by local news outlet MK. The stolen data includes personal information such as email addresses and telephone numbers, the latter which proved instrumental in the theft of funds via voice phishing.
Bithumb is the largest exchange in Korea, a country that is among the busiest bitcoin trading markets in the world. The exchange is also the largest Ethereum exchange in the world, according to data from CoinmarketCap.
The data breach is believed to be the result of the hack of employees’ home personal computers, according to local publication Yonhap.
“The accident was caused by an external infringement incident,” Bithumb wrote in a notice on Friday, confirming the hack. “It [the breach] is independent of Bithumb’s internal network, server and virtual wallet, and all members’ original (fiat) and virtual currency deposits are safe.”
Despite Bithumb’s claims of account funds being safe, a local report has pointed to numerous customer losses suffered as early as February. A survey among customers who lost money as a result of the hack estimates “hundreds of millions of won” withdrawn from accounts of one hundred investors.
After gaining access to user accounts, the hackers – purporting to work for Bithumb – called customers to ask for codes from customers’ Google Authenticator accounts to execute bitcoin withdrawals from user accounts.
One particular Bithumb user, who fell for the call, claimed to have lost 10 million won (approx. $8650) from his wallet on February 19 merely minutes after speaking to the hacker.
In a notice today, Bithumb has offered a compensation of 100,000 won ($86) for all customers impacted by the data breach.
The exchange notably added that it would also reimburse customer for all losses incurred due to the data breach, without confirming any specific details of loss of customer funds.
Also, for those who suffer additional damage due to this incident, we will compensate the entire [sum] of damages in a responsible manner once the damages are determined.
The Korea Internet & Security Agency (KISA) has already conducted a preliminary investigation into the case. “Prosecutors have launched a probe into the case and will release investigation results in a few days,” an unnamed KISA official told Business Korea.
The high-profile data hack and theft of customer funds comes at a time when a lawmaker from South Korea’s ruling party is pushing bills for the regulation of the bitcoin industry.
Featured image from Shutterstock.
Last modified: May 21, 2020 9:42 AM UTC