Hackers Steal $31m+ From South Korean Crypto-Exchange

Written by

South Korean exchange Bithumb has been targeted by hackers for the second time in a year, this time losing over $31m in cryptocurrency.

A notice from the firm, one of the world’s largest digital currency exchanges, claimed that the attack began last night and was discovered this morning, with around 35bn won ($31.5m) taken.

The firm has halted deposits and withdrawals “for the time being” while it conducts a thorough review into what happened.

It claimed that all lost funds will be covered by Bithumb from its own reserve and that remaining assets were removed to a secure cold wallet.

Currencies affected are thought to include Ripple.

Bithumb is thought to be the sixth largest exchange in the world based on its trading volume of over $370m.

However, this isn’t the first time it has been a target for cyber-attackers.

Back in July 2017, hackers stole personal details on 30,000 customers after compromising an employee’s laptop. The resulting phishing campaign tricked them into handing over authentication codes which resulted in large scale theft from customer accounts.

The attacks continue to come thick-and-fast against digital currency exchanges. Bithumb rival Coinrail was targeted by hackers earlier this month in a raid which cost it $37m, around 30% of its total token/coin reserves. In December 2017, Slovenian cryptocurrency marketplace NiceHash was hit by a cyber-attack which led to losses of $64m.

The news will continue to serve as a warning to investors of the risks involved in putting money into the nascent cryptocurrency market.

North Korean hackers have been pegged in the past for spear-phishing attacks against cryptocurrency exchanges and illegal cryptomining, as they look to generate much needed funds for the Kim Jong-un regime.

IEEE member and professor of cybersecurity at Ulster University, Kevin Curran, argued that attacks on crypto-currency organizations have increased as the value of the currency has rocketed in recent years.

“If they do find your crypto-currency wallet or hack online crypto exchanges and transfer the coins — then it is basically gone forever. It is not that we cannot see which ‘wallet’ these ‘coins’ have been transferred into but rather that the stolen tokens can be transformed into ‘fresh’ tokens by using ‘mixing services’, which create new untraceable tokens,” he explained.

“Ultimately, remember that the European Banking Authority and others have warned that Bitcoin users are not protected by refund rights or chargebacks.”

What’s hot on Infosecurity Magazine?