Reports have trickled in for the past week about a data breach at Korea’s largest exchange, Bithumb. Although we know little about what happened, the company now says it has compensated all who lost funds as a result.
Hacker Stole Data Then Went Phishing
About 31,000 Bithumb users’ personal records were accessed via a Bithumb employee’s home computer — later resulting in bitcoin and ethereum theft through phishing attacks.
The attacker reportedly breached a Bithumb employee’s computer, resulting in the theft of personal data for 31,000 Bithumb users. That data was then used to launch various phishing attacks to gain access to the users’ Bithumb accounts.
It is unclear when the initial hack of the employee PC took place. Bithumb has since released two statements regarding compensation for the leak of personal information, and further damages related to the hack.
Investors and criminals are looking to take advantage of the recent rise in the price of bitcoin, ethereum, and other cryptocurrencies. Several Korean agencies are initiating a joint investigation to find out how the breach happened.
What Is Bithumb?
Bithumb, based in Seoul, is one of the world’s largest bitcoin exchanges. In fact, it’s estimated that Bithumb is responsible for processing 10 percent of bitcoin’s total daily trading volume.
The majority of Bithumb’s users live in South Korea, though it has interface options for English and other major world languages.
The exchange said the 31,000 users affected represent only three percent of its total user base. There is currently no announcement or link to news concerning the hack on the front page.
How Was Personal Information Hacked?
Bithumb discovered the breach of the employee’s computer on the 29th of June. Bithumb then reported the discovery to authorities the next day. However, reports have stated that the initial breach actually happened back in February.
At this time it’s unconfirmed exactly when the breach occurred. Once the joint investigation is complete, there may be some more clarity as to the details of the initial breach — and when the personal information was stolen. BBC reported:
“The breach is reported to have occurred in February, and is said to have involved an employee’s home PC rather than computer servers at the firm’s headquarters.”
How Were the Bitcoins and Ethereum Stolen?
The hacker began launching phishing attacks after acquiring the users’ data. Most of the phishing attacks came through SMS text messages, voice calls, and email.
The attackers would pose as employees of Bithumb, stating that they were trying to prevent foreign activity on the users’ accounts. The attacker would then ask for the one-time-password for the account. Armed with the one-time-password, the attackers then gained full access to the accounts. Once inside, the attacker would drain the balance to a designated wallet of their own.
Bithumb Says It Will Compensate Victims
Bithumb released a statement on Monday 3rd July. In this statement, the company apologized for the breach and announced that on 5th July it would pay compensation of 100,000 KRW to those affected.
Then on 5th July the company released another statement on its message board. This notice stated that the users who confirmed their leaked personal data had received their compensation of 100,000 KRW.
Also in this statement, management said it will further compensate individuals who suffered additional damages as a result of this hack once those damages are confirmed. The statement added:
“In addition, for the members who suffer additional damage due to this incident, we will compensate the entire amount of damages in a responsible manner by the representative exchange as the damage amount is fixed.”
Higher Value, More Opportunities – for Everyone
According to data from coinmarketcap.com, at the start of April all cryptocurrencies had a total market cap of $25,000,000,000. This grew to an all-time high of $116,000,000 in mid-June.
This massive increase has brought a lot of attention to bitcoin and other crypto-currencies. It has also resulted in new investors looking to get involved, new companies looking to adopt, and — unfortunately — new criminals looking for a quick scam.
Perhaps a successful investigation of the Bithumb hack could answer questions for those affected and help prevent similar hacks in the future.
Was Bithumb’s response to the hack adequate? What should exchanges do to be more secure? Let us know.