Isn't this the second time this exchange get hacked? Regardless of how it was done and how big the amount was, I think that hacks will continue until we understand that the solution is to start using decentralized exchanges where users have full control over their private keys.
Exactly, the first hacked happened around June 2018 if I'm not mistaken.
Here is a good link to see the hackers wallet intricate movement of coins.
https://www.ccn.com/newsflash-bithumb-hacked-again-13-million-in-eos-20-million-xrp-on-the-moveBut how can you prevent something this to happened if it's an inside job? Unless they really audit and investigate the people they are going to hire, specially handling those sensitive or data.
I might open a topic on this subject, on how an exchange could prevent such unwanted events. For the moment I could say that most of the actual web applications are poorly secured. The bottom line at this point is this: if a server (instance, container) serving as the main OS can directly communicate to the blockchain then that server is doomed, because an insider can run commands from shell and make whatever transaction he wants. We assume at this point that the access to the server is very well tighten and an attacker could not gain accesss to it in any circumstances. Therefore, if the theft was done by an authorized person, the architecture itself is faulty. Between the machine running the exchange and blockchain processing the transactions it should stay an intermediary layer, supervised by some admins, which are supposed to approve (or not) transactions. You would be amazed to learn that only few exchanges use this extra-protection layer. Sure, individual accounts are still exposed by hacking the owners themselves, not the exchange. But even so, an SMS confirmation along with email notification of any login would cut 99% of hacking attempts on individual accounts.
