[2019-03-30] Bithumb, leading Korean exchange, hacked again?!

[BestCoinInvestments]

Just recently, on the morning of March 30, 2019, Bithumb saw yet another cyber attack. It appears that the exchange was hacked and unofficial information says that around 3 million EOS have been stolen.
https://twitter.com/BithumbOfficial/status/1111877947592310785
https://twitter.com/DoveyWan/status/1111839155380801536

Withdrawals and Deposits are temporary paused

The exchange started communicating to it's followers on Twitter, saying that they apologize to their users for delaying deposit and withdraw services. Also, they wanted to inform about the “circumstances” of the grounds and informed that users' funds are safe.
However, it appears that 3,1 million EOS might have been transferred out of their hot storage within 16 transactions, says the unofficial source.
Moreover, it looks like not only EOS tokens were stolen, the same unofficial source claims that more than 20 million XRP were stolen as well!

To find out the actual timeline on how things escalated in this particular case, read in our latest article: https://bestcoininvestments.com/bithumb-leading-korean-exchange-is-being-hacked/

How come Bithumb hasn't learned a thing from the previous hack? Do you think this is different than the previous one?

[traderethereum]

What? Hacked again? It is suspicious to see this exchange got hacked again. How they protect the security from the previous case? Did they fix the problem before or they let that is open so the hacker can come again and steal again? There are too many questions in my head. That proves that the security team is not working hard to protect the site and makes the hacker can do the same thing again.

[Lucius]

This is just a confirmation that this exchange has not done anything to prevent hacking, and that hackers just exploit their security vulnerabilities whenever it comes to mind to take some free money. The good news is that it's just about EOS and XRP, so this hack did not affect whole market. But it is not good that this exchange does not take serious some basic things, do they have experts or clowns working there?

All South Korea crypto exchanges had checks at the end of last year, and Bithumb have fulfilled all conditions by the Korean supervisory bodies. It is more than obvious that they are not well done their job, because bad news do not come only from Bithumb, but also from Coinone which is also passed a security check recently.

[Harlot]

3.1 Million EOS? That's around 13.2 Million US dollars and I think that number is outrageous specially if those funds are from their clients. With that kind of number I don't think that the South Korean government will be silent on this one and I think big sanctions will be slap on Bithumb especially if they won't do anything to compensate their clients. Another thing that I see the South Korean government is doing is they would seriously change their regulations towards crypto exchanges when it comes to their security, which obviously hasn't improve.

[figmentofmyass]

it's probably state-sponsored north korean hackers. these guys are relentless and exchange hot wallets are a gold mine for them. i would hate to be running a south korean exchange in this environment.

just a couple days ago, kaspersky lab released a report saying state-sponsored hackers are targeting crypto exchanges, and are disproportionately focused on south korean targets:

The Kaspersky Lab report further states that Lazarus is only hosting malware on rented servers. Compromised servers are used to host the command & control scripts. For some reason, Lazarus is disproportionately focused on North Korea’s geopolitical rival, South Korea.

As cryptocurrency exchanges are top of the list among the North Korean hacking group’s targets, Kaspersky Lab has urged vigilance

[squatter]

According to Bithumb, this was an inside job and not an external attacker:

In a surprising turn of events, Bithumb disclosed that it believes the hack was an inside job and funds might have been moved by individuals associated with the company.

I can't imagine how they'll recover their reputation after this. If you had any other options at all, why would you keep trading at Bithumb when they get hacked twice a year?!

[JeromeTash]

According to Bithumb, this was an inside job and not an external attacker:

I also have a feeling most of these hacks are insider jobs.
Like how does someone really breach all the security and access hot wallets without any help from the inside. Likely I don't use Bithumb ever since i tried applying for KYC on their exchange and received an untranslatable message in Korea which I did not know what it meant.
That was my last time visiting the exchange.

[BitHodler]

Bithumb hasn't done much to stimulate itself as professional exchange. All they have been doing is hand out bonuses so that they attract new users and incentivize them to wash trade the worst possible shit coins.

People may not like Coinbase, and that for a good reason, but they haven't ever been hacked. This shows that with a good management, capable staff, and eye for security, you can run an exchange without getting hacked or robbed from within.

I remember an interview with CEO Brian Armstrong where he said that he doesn't have access to any of Coinbase's cold wallets. In order to gain access to these funds, different members within Coinbase have to sign.

[1Referee]

I remember an interview with CEO Brian Armstrong where he said that he doesn't have access to any of Coinbase's cold wallets. In order to gain access to these funds, different members within Coinbase have to sign.

It's cool and all that cold wallets are being secured properly, but hacks and insider thefts most of the times concern hot wallets, and these hot wallets can be emptied by every employee who knows where to dig.

In most cases when it concerns insider thefts, you see that before the actual theft the hot wallet has been topped up (in some cases topped up beyond their regular top up amount) and then emptied.

The far majority of the exchanges turning shit are from Asia, and that doesn't surprise me at all with how they continuously cheat and lie to attract users. Seriously, the only legitimate exchange within Asia is BitFlyer, where the rest is utter garbage, so we should expect more of the same in the forthcoming years.

[shamc]

These exchanges are just asking for trouble if they keep that much in hot wallets. They should change their way of working so that funds that are trading are based on numbers only, then they can move it from cold storage at a set time to avoid these major thefts.

[figmentofmyass]

I remember an interview with CEO Brian Armstrong where he said that he doesn't have access to any of Coinbase's cold wallets. In order to gain access to these funds, different members within Coinbase have to sign.

It's cool and all that cold wallets are being secured properly, but hacks and insider thefts most of the times concern hot wallets, and these hot wallets can be emptied by every employee who knows where to dig.

In most cases when it concerns insider thefts, you see that before the actual theft the hot wallet has been topped up (in some cases topped up beyond their regular top up amount) and then emptied.

that's probably not the end of the world in coinbase's case. according to them, they keep <2% of crypto in hot wallets, and the hot wallets are fully insured in the case of a hack or inside job:

Coinbase prioritizes the security of our customer's funds, all digital currency that Coinbase holds online is insured. If Coinbase were to suffer a breach of its online storage, the insurance policy would pay out to cover any customer funds lost as a result. Coinbase holds less than 2% of customer funds online. The rest is held in offline storage.

Please note that the insurance policy covers any losses resulting from a breach of Coinbase’s physical security, cyber security, or by employee theft.

if the cold wallets are ever breached, the shit will hit the fan though.