2018
Multiple Networks (EOS and XRP)
South Korea
Bithumb
Stolen Funds: An estimated 850,000 BTC were stolen, representing roughly 8% of all bitcoins in circulation at the time. (Current estimates suggest the number might be closer to 650,000 BTC). Disruptions to Service: Mt. Gox suspended withdrawals in February 2014 and later filed for bankruptcy. Data Breach: The extent of a potential data breach remains unclear. Eroded Trust: The hack significantly damaged user trust in cryptocurrency exchanges and the overall market.
Bithumb Response: Bithumb initially downplayed the incident but later confirmed the hack and suspended operations. They claimed to have retrieved some stolen funds and implemented security improvements. User Compensation: Bithumb reimbursed affected users for stolen funds using their reserves, which helped mitigate user frustration. Law Enforcement/Regulation: South Korean law enforcement investigated the hack, but no public details about the investigation or arrests are available. Regulatory discussions around stricter cryptocurrency exchange regulations likely continued in South Korea after the hack.
Exchange Hack
$19.4 million USD at the time of the hack
The specific cause remains unclear, but likely involved a combination of factors: Insider Threat: Experts suspect an insider might have provided hackers with access or information about Bithumb's systems. Hot Wallet Vulnerability: The stolen funds were reportedly held in hot wallets, making them more susceptible to online attacks. Exploited Vulnerability: The specific technical vulnerability exploited is unknown but likely involved compromising Bithumb's internal security protocols.
Estimates suggest hundreds of thousands of users were impacted by the hack.
The South Korean response likely involved increased scrutiny of cryptocurrency exchanges and potential discussions around stricter regulations.
$19.4 million USD at the time of the hack
Bithumb's initial downplaying of the hack followed by user compensation efforts reflects a mixed public relations strategy.
Insider Threat: The importance of robust internal controls, background checks, and limited access within cryptocurrency exchanges.
This report analyzes the hack of Bithumb, a major South Korean cryptocurrency exchange, in June 2019. Bithumb was one of the largest exchanges globally at the time, highlighting the vulnerability of even prominent players in the cryptocurrency ecosystem.
The circumstances leading up to the hack are unclear. Bithumb claimed to have security measures in place, but the effectiveness proved inadequate.
Method of Attack: Suspected Insider Job and Hot Wallet Exploit
Description: While details remain unclear, the hack likely involved a combination of factors:
Insider Involvement: Experts suspect an insider might have provided hackers with access or information about Bithumb's systems.
Hot Wallet Vulnerability: The stolen funds were reportedly held in a hot wallet, making them more susceptible to online attacks compared to cold storage.
Exploited Vulnerability: The specific technical vulnerability exploited remains unknown, but it likely involved compromising Bithumb's internal security protocols.
Financial Impact: Around 3,000 EOS tokens (worth $13.4 million USD) and 20 million XRP tokens (worth $6 million USD) were stolen at the time.
Disruptions to Service: Bithumb suspended operations for a short period following the hack.
Eroded Trust: User trust in Bithumb declined due to the security breach.
Market Impact: The hack caused temporary jitters in the cryptocurrency market, leading to minor price fluctuations.
Bithumb Response: Bithumb initially downplayed the incident but later confirmed the hack and suspended operations. They claimed to have retrieved some stolen funds and implemented security improvements.
User Compensation: Bithumb reimbursed affected users for stolen funds using their reserves. This decision helped mitigate some user frustration.
Law Enforcement/Regulation: South Korean law enforcement investigated the hack, but no public details about the investigation or arrests are available.
Regulatory discussions around stricter cryptocurrency exchange regulations were likely ongoing in South Korea at the time.
Security Shortcomings: The hack exposed vulnerabilities in Bithumb's security measures, particularly their reliance on hot wallets and potentially weak internal controls.
Regulatory Compliance: South Korean cryptocurrency regulations were still evolving in 2019. The hack might have contributed to calls for stricter exchange oversight.
Importance of Secure Storage: The hack highlighted the importance of robust security practices, including storing most cryptocurrency holdings in secure cold wallets and minimizing hot wallet usage.
Insider Threat: The suspected insider involvement emphasizes the need for strong internal controls and background checks for exchange employees.
The Bithumb hack exposed security shortcomings at a major cryptocurrency exchange. The incident served as a wake-up call for the industry, highlighting the need for robust security practices, secure storage solutions, and potentially stricter regulations. Rebuilding user trust requires transparency, accountability, and a commitment to user security.
Cybersecurity experts might emphasize the importance of ongoing security assessments and penetration testing to identify and address vulnerabilities.
Industry analysts could discuss the potential long-term impact on Bithumb's reputation and the need for the exchange to regain user trust.
https://www.bbc.co.uk/news/business-64313624