Bitcoin Forum
June 17, 2019, 12:23:06 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [2019-03-30] Bithumb, leading Korean exchange, hacked again?!  (Read 75 times)
BestCoinInvestments
Jr. Member
*
Offline Offline

Activity: 37
Merit: 2


View Profile
March 30, 2019, 10:28:51 AM
 #1

Just recently, on the morning of March 30, 2019, Bithumb saw yet another cyber attack. It appears that the exchange was hacked and unofficial information says that around 3 million EOS have been stolen.
https://twitter.com/BithumbOfficial/status/1111877947592310785
https://twitter.com/DoveyWan/status/1111839155380801536

Withdrawals and Deposits are temporary paused

The exchange started communicating to it's followers on Twitter, saying that they apologize to their users for delaying deposit and withdraw services. Also, they wanted to inform about the “circumstances” of the grounds and informed that users' funds are safe.
However, it appears that 3,1 million EOS might have been transferred out of their hot storage within 16 transactions, says the unofficial source.
Moreover, it looks like not only EOS tokens were stolen, the same unofficial source claims that more than 20 million XRP were stolen as well!

To find out the actual timeline on how things escalated in this particular case, read in our latest article: https://bestcoininvestments.com/bithumb-leading-korean-exchange-is-being-hacked/

How come Bithumb hasn't learned a thing from the previous hack? Do you think this is different than the previous one?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
traderethereum
Hero Member
*****
Offline Offline

Activity: 1148
Merit: 508



View Profile
March 30, 2019, 10:32:19 AM
 #2

What? Hacked again? It is suspicious to see this exchange got hacked again. How they protect the security from the previous case? Did they fix the problem before or they let that is open so the hacker can come again and steal again? There are too many questions in my head. That proves that the security team is not working hard to protect the site and makes the hacker can do the same thing again.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
  WELCOME
BONUS
.INSTANT & FAST.
.TRANSACTION.....
.PROVABLY FAIR.
......& SECURE......
.24/7 CUSTOMER.
............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
Lucius
Legendary
*
Offline Offline

Activity: 1442
Merit: 1218


Fortis Fortuna Adiuvat


View Profile WWW
March 30, 2019, 10:59:52 AM
 #3

This is just a confirmation that this exchange has not done anything to prevent hacking, and that hackers just exploit their security vulnerabilities whenever it comes to mind to take some free money. The good news is that it's just about EOS and XRP, so this hack did not affect whole market. But it is not good that this exchange does not take serious some basic things, do they have experts or clowns working there?

All South Korea crypto exchanges had checks at the end of last year, and Bithumb have fulfilled all conditions by the Korean supervisory bodies. It is more than obvious that they are not well done their job, because bad news do not come only from Bithumb, but also from Coinone which is also passed a security check recently.

Harlot
Hero Member
*****
Offline Offline

Activity: 1092
Merit: 596



View Profile
March 30, 2019, 03:14:18 PM
 #4

3.1 Million EOS?Huh That's around 13.2 Million US dollars and I think that number is outrageous specially if those funds are from their clients. With that kind of number I don't think that the South Korean government will be silent on this one and I think big sanctions will be slap on Bithumb especially if they won't do anything to compensate their clients. Another thing that I see the South Korean government is doing is they would seriously change their regulations towards crypto exchanges when it comes to their security, which obviously hasn't improve.

figmentofmyass
Hero Member
*****
Online Online

Activity: 1106
Merit: 794



View Profile
March 30, 2019, 08:17:01 PM
 #5

it's probably state-sponsored north korean hackers. these guys are relentless and exchange hot wallets are a gold mine for them. i would hate to be running a south korean exchange in this environment.

just a couple days ago, kaspersky lab released a report saying state-sponsored hackers are targeting crypto exchanges, and are disproportionately focused on south korean targets:

Quote
The Kaspersky Lab report further states that Lazarus is only hosting malware on rented servers. Compromised servers are used to host the command & control scripts. For some reason, Lazarus is disproportionately focused on North Korea’s geopolitical rival, South Korea.

As cryptocurrency exchanges are top of the list among the North Korean hacking group’s targets, Kaspersky Lab has urged vigilance

squatter
Hero Member
*****
Offline Offline

Activity: 1120
Merit: 795


STOP SNITCHIN'


View Profile
March 30, 2019, 08:29:00 PM
 #6

According to Bithumb, this was an inside job and not an external attacker:

Quote
In a surprising turn of events, Bithumb disclosed that it believes the hack was an inside job and funds might have been moved by individuals associated with the company.

I can't imagine how they'll recover their reputation after this. If you had any other options at all, why would you keep trading at Bithumb when they get hacked twice a year?!

JeromeTash
Full Member
***
Offline Offline

Activity: 364
Merit: 182


Free Crypto in Stake.com Telegram t.me/StakeCasino


View Profile
March 30, 2019, 08:53:39 PM
 #7

According to Bithumb, this was an inside job and not an external attacker:
I also have a feeling most of these hacks are insider jobs.
Like how does someone really breach all the security and access hot wallets without any help from the inside. Likely I don't use Bithumb ever since i tried applying for KYC on their exchange and received an untranslatable message in Korea which I did not know what it meant.
That was my last time visiting the exchange.

BitHodler
Legendary
*
Offline Offline

Activity: 1288
Merit: 1135


View Profile
March 30, 2019, 11:07:59 PM
 #8

Bithumb hasn't done much to stimulate itself as professional exchange. All they have been doing is hand out bonuses so that they attract new users and incentivize them to wash trade the worst possible shit coins.

People may not like Coinbase, and that for a good reason, but they haven't ever been hacked. This shows that with a good management, capable staff, and eye for security, you can run an exchange without getting hacked or robbed from within.

I remember an interview with CEO Brian Armstrong where he said that he doesn't have access to any of Coinbase's cold wallets. In order to gain access to these funds, different members within Coinbase have to sign.

1Referee
Legendary
*
Offline Offline

Activity: 1904
Merit: 1308

Segwit please.


View Profile
March 31, 2019, 12:09:54 PM
 #9

I remember an interview with CEO Brian Armstrong where he said that he doesn't have access to any of Coinbase's cold wallets. In order to gain access to these funds, different members within Coinbase have to sign.

It's cool and all that cold wallets are being secured properly, but hacks and insider thefts most of the times concern hot wallets, and these hot wallets can be emptied by every employee who knows where to dig.

In most cases when it concerns insider thefts, you see that before the actual theft the hot wallet has been topped up (in some cases topped up beyond their regular top up amount) and then emptied.

The far majority of the exchanges turning shit are from Asia, and that doesn't surprise me at all with how they continuously cheat and lie to attract users. Seriously, the only legitimate exchange within Asia is BitFlyer, where the rest is utter garbage, so we should expect more of the same in the forthcoming years.

shamc
Copper Member
Jr. Member
*
Offline Offline

Activity: 336
Merit: 1


View Profile
March 31, 2019, 04:07:03 PM
 #10

These exchanges are just asking for trouble if they keep that much in hot wallets. They should change their way of working so that funds that are trading are based on numbers only, then they can move it from cold storage at a set time to avoid these major thefts.

[ S E S S I A ] NEW GENERATION SOCIAL NETWORK
twitter    ◾ telegram     (❪  W H I T E P A P E R  ❫)
GET APP  ❱❱❱  ► Google Play   ► App Store
figmentofmyass
Hero Member
*****
Online Online

Activity: 1106
Merit: 794



View Profile
March 31, 2019, 04:55:17 PM
 #11

I remember an interview with CEO Brian Armstrong where he said that he doesn't have access to any of Coinbase's cold wallets. In order to gain access to these funds, different members within Coinbase have to sign.

It's cool and all that cold wallets are being secured properly, but hacks and insider thefts most of the times concern hot wallets, and these hot wallets can be emptied by every employee who knows where to dig.

In most cases when it concerns insider thefts, you see that before the actual theft the hot wallet has been topped up (in some cases topped up beyond their regular top up amount) and then emptied.

that's probably not the end of the world in coinbase's case. according to them, they keep <2% of crypto in hot wallets, and the hot wallets are fully insured in the case of a hack or inside job:

Quote
Coinbase prioritizes the security of our customer's funds, all digital currency that Coinbase holds online is insured. If Coinbase were to suffer a breach of its online storage, the insurance policy would pay out to cover any customer funds lost as a result. Coinbase holds less than 2% of customer funds online. The rest is held in offline storage.

Please note that the insurance policy covers any losses resulting from a breach of Coinbase’s physical security, cyber security, or by employee theft.

if the cold wallets are ever breached, the shit will hit the fan though.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!