Bitcoin Forum

Bithumb reported that they've been hacked,

https://www.coindesk.com/crypto-exchange-bithumb-hacked-for-13-million-in-suspected-insider-job


Ok here we go again, when we are about to take off, another bad incident came in. Although EOS is stolen and not Bitcoin. It says it's a inside job, so let's see how big the extend of this damage is to the whole crypto sphere.

What are your thoughts?

Isn't this the second time this exchange get hacked? Regardless of how it was done and how big the amount was, I think that hacks will continue until we understand that the solution is to start using decentralized exchanges where users have full control over their private keys.

Exactly, the first hacked happened around June 2018 if I'm not mistaken.

Here is a good link to see the hackers wallet intricate movement of coins.

https://www.ccn.com/newsflash-bithumb-hacked-again-13-million-in-eos-20-million-xrp-on-the-move

But how can you prevent something this to happened if it's an inside job? Unless they really audit and investigate the people they are going to hire, specially handling those sensitive or data.

Yeah I recall them as well that they have been hacked before. When I did few searches, it was last 2017.

Fourth largest Bitcoin exchange. Bithumb, hacked for billions of Won (https://bravenewcoin.com/insights/fourth-largest-bitcoin-exchange-bithumb-hacked-for-billions-of-won) - the article was dated July 2017.

Regardless of the date.

One risk of centralize exchanges is like this, there can be an inside job that can lead to millions of loss.

Correct, this is not the first time that they have been hacked. I just look at the current price and seems there is a small correction today, EOS is already -3.5% as per coinmarketcap. I was thinking that this hacking news has something to do with it. Anyways, it's a inside job, maybe some disgruntled employees did the hack or maybe he/she collude with others. Bithumb reported just last week that they're going to lay off 50% of its workforce. So someone think of a way to get back at them. Not cool dude. You will be caught and put to jail for this.

https://cointelegraph.com/news/report-major-south-korean-crypto-exchange-bithumb-to-lay-off-up-to-50-of-staff

I supposed a great actor stealing private keys is not a hack though.

Anyway, this is one of the reasons why centralized will and still be hacked.

I might open a topic on this subject, on how an exchange could prevent such unwanted events. For the moment I could say that most of the actual web applications are poorly secured. The bottom line at this point is this: if a server (instance, container) serving as the main OS can directly communicate to the blockchain then that server is doomed, because an insider can run commands from shell and make whatever transaction he wants. We assume at this point that the access to the server is very well tighten and an attacker could not gain accesss to it in any circumstances. Therefore, if the theft was done by an authorized person, the architecture itself is faulty. Between the machine running the exchange and blockchain processing the transactions it should stay an intermediary layer, supervised by some admins, which are supposed to approve (or not) transactions. You would be amazed to learn that only few exchanges use this extra-protection layer. Sure, individual accounts are still exposed by hacking the owners themselves, not the exchange. But even so, an SMS confirmation along with email notification of any login would cut 99% of hacking attempts on individual accounts.

This is the third time an exchange is hacked in two and a half months

Cryptopia exchange hacked (https://bitcointalk.org/index.php?topic=5097601.0)
Another hack : Dragonex (https://bitcointalk.org/index.php?topic=5124772.0)

I hope that with time people will understand that it must be a reflex to say to themselves that you shouldn't hold your coins with an exchange platform (or the minimum), these are incidents that happen too often to expose themselves to risk.

We keep on telling this thing all over the years but people dont really listen up and just cry when they already lost up money.I thought that these exchange hackings would lessen by as the years passed by but im wrong yet these situations can randomly happen.This might really be an inside job or connected to that lessening of workforce by -50% as a sort of vengeance  :D

I agree. We sounded like broken records here, keep reminding everyone not to put all their funds in a exchange and get a hardware wallet to secure your coins. And then one day, when we see exchanges being hacked, we will hear members here (usually newbies) bitching around saying that they have lost X amount of coins or funds.

Anyways, inside job or not, Bithumb has a lot of explaining to do again.