Update1: The heading of this article was updated due to confusion among readers that stolen currency was in USD – The stolen money was in South Korean Won not in USD.
Bithumb, one of the largest Bitcoin and Ether exchange platforms, has been hacked resulting in a loss of billions of South Korean Won with a number of user accounts compromised. Information such as users’ phone numbers, email addresses, etc. have been leaked as such, reports Bravenewcoin.
Bithumb
As you may know, Bithumb is the fourth largest bitcoin exchange platform in the world after the U.S, China, and Japan and is the largest exchange for the ether market globally. It currently holds 75.7% share of the entire bitcoin market in South Korea regarding volume and facilitates the trading of more than 13,000 bitcoins every day and accounts for 44% of the total ether trade in the country.
Billions of South Korean Won lost due to cyber attack
According to the Kyunghyang Shinmun, a popular local newspaper in South Korea, the cyber attack took place last week in which Bithumb customers lost billions in South Korean Won. A survey of those who lost money from the hack reveals “it is estimated that hundreds of millions of won have been withdrawn from accounts of one hundred investors. One member claims to have had 1.2 billion won stolen.”
Although the details right now are limited it is estimated that during the hack, personal details of more than 30,000 victims were stolen including the victims’ names, phone numbers, and email address. According to the Kyunghyang Shinmun up till now, around 100 users have filed a complaint with the National Police Agency regarding the attack.
Bithumb says that there was no way to access users’ funds
Although the victims claim that their accounts have been wiped empty with all of their funds stolen, Bithumb, however, states that it is not possible for an attacker to gain direct access to user accounts just like that.
Also, Bithumb says that only a single person’s computer was hacked and not the entire network. It says that the loss of funds is the result of using disposable passwords to conduct digital transactions online.
“The employee PC, not the head office server, was hacked. Personal information such as mobile phone and email address of some users were leaked. However, some customers were found to have been stolen from because of the disposable password used in electronic financial transactions,” Bithumb told the newspaper.
A case of ‘Voice Phishing’
Perhaps Bithumb is right about the fact that there is no way in which the hackers could have gotten direct access to the accounts of the victims. This is because some of the victims reported a case of voice phishing whereby they had received fake calls from hackers posing to be the official representative of Bithumb.
Essentially, the hackers have been calling the victims and saying that they are from Bithumb and suspect a breach has taken place. They then ask for the victim’s identification number which is nothing but the one-time password provided to them by Bithumb.
Once the password is known, the hacker can easily access the victim’s account and steal funds. One account according to the newspaper got the hackers a total of ten million South Korean Won, which is equivalent to $8,700.
Bithumb to compensate for the losses
Bithumb stated that it will be compensating the victims with a hundred thousand South Korean Won and will do so for any more losses that occur once they are confirmed.
The company has filed a report with the Korean Communications Commissions and the Korea Internet and Security Agency along with the Supreme Prosecutors’ Office.
Will Bithumb be held liable?
Up till now, the digital currency has not been given a legal standing in South Korea, and as such, it is uncertain as to whether Bithumb will be liable for the losses.
Regardless, at least 100 users have already sued the company for being negligent.
In response to the situation, the government has decided to revise the Electronic Financial Transaction Act and recognize digital currency as a legal medium of transaction.
However, the proposed bills will only allow companies with more than 500 million South Korean Won worth of capital who possess a large enough professional staff to manage such digital transactions. So, the decentralized currency may not be so decentralized after all in South Korea.
Not for the first time
This is not the first time when a digital currency wallet in South Korea has been hacked. Just a couple of months ago, another S. Korean Bitcoin exchange Yapizon was hacked and 3816.2028 Bitcoin (US$5 million) were stolen.