BITHUMB

DESCRIPTION OF EVENTS

“Hackers have stolen user data … from Bithumb, one of the top five biggest Ethereum and Bitcoin cryptocurrency exchanges” “The exchange has a 75.7 percent share of the South Korean bitcoin market, with a daily trading volume of over 13,000 bitcoins. It is also the world’s largest ethereum market and accounts for around 44 percent of South Korea’s ether trading.” "A cyber attack late last week resulted in the loss of billions of won from customers accounts...Hackers succeeded in grabbing the personal information of 31,800 Bithumb website users, including their names, mobile phone numbers and email addresses." “At the time, Bithumb was the world’s fourth largest bitcoin exchange and the largest exchange in South Korea, accounting for over 75% of bitcoin trading volume in South Korea. The hack was traced back to a single employee’s compromised PC. Many users reported having millions of Won disappear from their personal accounts overnight.” “Bithumb said that the thieves stole a database of user information off the personal computer of an employee, rather than off the company’s internal network. The attackers allegedly nabbed the names, email addresses, and mobile phone numbers (no passwords, apparently), of more than 31,800 customers, according to a Monday report from Yonhap, a South Korean news wire.” “According to the 'Meeting People Lost With Bithumb Hacking,' which was formed on the 27th of [June], it is estimated that hundreds of hundreds to hundreds of billions of money were withdrawn from accounts of more than 100 investors. One member claims to have robbed 1.2 billion won.” “One victim claims that the attacker posed as an executive at Bithumb and phoned to say that he was "suspicious of a foreign hacking transaction,” and instructed his victim to give him an “identification number written on the letter from Bithumb.”” “Apparently, the crooks phoned Bitcoin holders pretending to be Bithumb bosses, and convinced some of their marks to hand over one-time passwords granting access to their money stores.” “The security breach is believed to have occurred in February of this year, discovered on June 28, and the authorities were alerted the very next day. Now people are being told to change their passwords as a precaution, and have been assured they will be reimbursed if any of their cyber-dosh has gone missing – plus about 90 bucks each in compensation for having their personal info carelessly spilled.”

Company policy apparently allowed an employee to “take home” customer records, and this employee had security faults on their PC. One would assume that an exchange would invest in additional precautions to protect traders, with explicit confirmations when funds are being withdrawn, especially if withdrawal wallet addresses are changed or added, and access is happening from an unexpected location. However, from screenshots online, it appears that the text messages only say “BITHUMB Verification Code” and are sent via SMS. Then, between the breach in February, and the detection in June, 4 months passed. During this entire time, one would assume that multiple customers would have reported funds missing. Apparently, it took all these people getting together and organized with each other before something was done. In the end, this situation resulted in a full reimbursement for all customers of what they’d lost, with additional reimbursement for the privacy breach.

100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25)
Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5)
Breached Bitcoin Bithumb bosses blame bod's BYOD • The Register (Mar 7)
Hacking of 'Bithumb', the largest cryptocurrency exchange in Korea (Mar 7)
Bithumb employee hacked, leading to leak of personal information used in phishing campaign - Neowin (Mar 7)
Fourth largest Bitcoin exchange. Bithumb, hacked for billions of Won (Mar 7)
SlowMist Hacked - SlowMist Zone (Jun 26)
North Korean Hackers Threatened Bithumb Exchange With a $16M Ransom Amid the 2017 Data Breach, Says Report – Security Bitcoin News (Jun 26)

More case studies

QuadrigaCX
Contract Error

Unknown Ripple
Exchange Phishing Scam