Crypto exchange compromises are back in the news. Professional hackers made off with nearly $19 million in EOS and XRP tokens, this time at the expense of the Bithumb exchange and its customers. Bithumb is one of the largest crypto exchanges in South Korea. News of the compromise went public when the exchange halted deposit and withdrawal services after its monitoring software detected “abnormal withdrawals.” In its notice to clients, Bithumb’s management team explained that it had “secured all the cryptocurrency from the detection time with a cold wallet and checked them by blocking deposit and withdrawal service.” It also said that no customer deposits were lost.
Bithumb was also hacked last year, but this time around, there seems to have been a unique new twist. The roughly translated announcement also stated that: “The incident was an accident involving insiders.” According to Dovey Wan, the founder of cryptocurrency investment fund Primitive Ventures: “The hack occurred yesterday [Thursday] between one and three PM (GMT). Reportedly, the private key was stolen from EOS account g4ydomrxhege and the stolen EOS has been moved to other exchanges including Changelly, Huobi, KuCoin, Coinswitch, and EXMO.”
To the exchange’s credit, by acting quickly they were able to secure a portion of the stolen tokens before the hacker could make off with all of his loot. The breakdown of the breach was approximately three million EOS ($13 million) and up to 20 million XRP ($6 million). The claim is that the lost funds also belonged to the exchange. Customer account funds were said to be safe in “cold wallets.” The exchange team is also working with the Cyber Police Agency, the Korea Internet and Security Agency (KISA) and other cybersecurity firms to recover the missing funds.
An analysis, prepared by a user on Twitter and soon made public, disclosed that a good portion of the stolen EOS tokens had already been moved to other exchanges. The distribution was believed to be 662,000 EOS tokens to EXMO, followed by Huobi (263,000 EOS), Changelly (192,000 EOS), ChangeNOW (140,000 EOS), KuCoin (96,000 EOS) and others.
The belief that this hack was an insider job follows from the fact that an employee must have shared a confidential “private key” with the hacking group. Bithumb was recently in the news for having to cut back 50% of its staff, and management is inclined to think that there had been collusion with a disgruntled employee, thereby resulting in an “internal embezzlement incident.” The presumption is that the act could not have been carried out without the cooperation of an internal employee, who had access to the private keys of the accounts that were the targets of the compromise.
Bithumb has obviously installed better detection software since its breach in June of 2018. At that time, the exchange lost $30 million, but was later able to recover $14 million after investigating the details of the hack. This time around, the management of the exchange is confident that it will recover the entirety of the stolen funds by working with the police and cybercrime experts and by collaborating with other exchanges. In the meantime, Bithumb has informed its clients that: “We will do our best to resume deposit and withdrawal as soon as possible to secure the service’s stability.”