Crypto Exchange Bithumb Reportedly Hacked of Almost $19 Mln in EOS, XRP

Published at: March 30, 2019

This article has been updated to provide further details on the hack.

Today, March 30, crypto exchange Bithumb posted on Twitter that their cryptocurrency withdrawals and deposits have temporarily been paused.

In an explanation linked to the tweet, the exchange writes that at 10:15 (time zone unknown) on the 29th, they detected what they describe as abnormal withdrawals through their monitoring system.

The exchange notes that they have “secured all the cryptocurrency from the detection time with a cold wallet and checked them by blocking deposit and withdrawal service.”

According to the translated note, the incident was an “accident involving insiders.” In its updated blog post, Bithumb points out that it was the exchange’s fault that it only focused on protection from outside attacks and did not verify its staff. The announcement promises that the incident won’t repeat itself, since the company is developing its workforce verification system.

The exchange’s EOS hot wallet started sending EOS to the attacker’s address yesterday until the company realized the attack was ongoing and started to move the funds to the cold storage wallet, which seemingly has not been compromised.

More than 3 million EOS (about $12.5 million) have been transferred from the hot wallet. The company since pointed out that all the funds which have been stolen were those of the exchange, and that the users’ funds are in the cold wallet. According to cryptocurrency news outlet The Block Crypto, around 20 million Ripple (XRP) (equivalent to about $6.2 million) have also been stolen.

This is the second hack that the exchange encountered in under a year. In the investigation after the last hack, the exchange recovered $14 million of the stolen funds and the exchange stated that it expects to recover the losses this time as well. Bithumb claims to be currently conducting intensive investigations with the cyber police agency, the Korean internet & Security Agency (KISA) and cybersecurity companies.

The exchange also notes out that it expects to recover the to recover the loss. Lastly, the company notes:

“We will do our best to resume deposit and withdrawal as soon as possible to secure the service’s stability.”

An analysis of the flow of the stolen funds by a Twitter user shows that a portion of the funds is already being distributed to exchanges, while another portion has been moved to other addresses. The exchange that received the most funds (662,000 EOS) is EXMO, followed by Houbi (263,000 EOS), Changelly (192,000 EOS), ChangeNOW (140,000 EOS), KuCoin (96,000 EOS) and others.

Changelly has published a post today, claiming that the instant exchange has been able to identify and freeze 243,000 XRP ($76,000) and 114,000 EOS ($479,000) believed to be proceed from the Bithumb hack. The XRP has been sent to Changelly in eight different transactions, while the EOS was sent in 52, and the associated wallet addresses have been blacklisted.

A Twitter user has also suggested that the hack may be related to the recent BitHumb’s layoffs. Last week, it was reported that BitHumb is currently cutting up to 50 percent of its workforce.

Cointelegraph will update this story as it continues.

As Cointelegraph also recently reported, data scientists at blockchain infrastructure firm Elementus have published details of recent transactions from crypto exchange CoinBene that they consider to be suspect, beginning with $105 million in crypto swiftly being moved out of the exchange’s hot wallet.

With additional reporting from Adrian Zmudzinski.

Tags
Related Posts
Round-Up of Crypto Exchange Hacks So Far in 2019 — How Can They Be Stopped?
This article was updated to reflect that Bitrue has now acknowledged the hack of its platform. Throughout the past six months, seven crypto exchanges have reportedly seen large-scale hacking attacks to the tune of tens of millions of dollars, with the most recent platform to suffer a security breach being GateHub. As the global crypto exchange market continues to see an increasing number of security breaches leading to the loss of user funds, investors may become reluctant to rely on centralized exchanges to store funds. Bitrue hack The month of June was characterized by two unfortunate cryptocurrency thefts. On June …
Bitcoin / June 18, 2019
Bithumb Announces External Audit Results in Wake of $13 Million Hack
South Korean cryptocurrency exchange Bithumb has conducted a professional external audit of its funds after a major hack last month, the company confirmed in a statement on April 11. Bithumb, South Korea’s largest exchange, lost around 14 billion won ($13 million) two weeks ago in an event executives believe was masterminded by an insider. Now, Bithumb has used a third party to assess its reserves, repeating its previous assurances that customer funds remained safe in cold storage wallets. The 14 billion of hacked EOS (EOS) tokens, a previous statement said, represented company-only funds. All remaining funds in its hot wallet …
Bitcoin / April 11, 2019
Crypto Exchange Service Helps Bithumb Recover 1 Million XRP After Massive June Hack
Hong Kong-based crypto exchange service Changelly has announced that it helped South Korean exchange platform Bithumb recover 1,063,500 Ripple (XRP) in stolen assets following a massive hack in June, a press-release stated, Oct. 26. In June 2018, hackers attacked South Korea’s leading crypto exchange Bithumb. As soon as security specialists had detected the theft, the exchange temporarily suspended all deposits and withdrawals, and moved its customers’ funds to a cold wallet. Bithumb initially lost over $30 million worth of cryptocurrencies due to the hack. Four months after the incident, Bithumb recovered approximately $14 million in stolen digital assets after it …
Bitcoin / Oct. 30, 2018
From Coincheck to Bithumb: 2018’s Largest Security Breaches So Far
On June 19, Bithumb, South Korea’s number one crypto exchange, was hacked. The attackers stole cryptocurrencies worth $30 million, making it one of the largest heists of the year so far. While the exchange has already promised to compensate its users, the damage has been done: yet again, it has become evident that even the biggest players cannot guarantee total safety. Indeed, the crypto world hasn’t been the same since the Mt. Gox collapse. Still, it comes down to how these attacks are handled in the aftermath: while some go MIA or start diffusing the responsibility, others choose to rebuild …
Bitcoin / June 27, 2018
Hacked S. Korean Crypto Exchange Bithumb Confirms It Will Reimburse Affected Users
South Korean crypto exchange Bithumb has today confirmed it will reimburse users affected by the theft of 35 bln won (about $30 mln) from its hot wallet two days ago, in an official announcement today, June 21. At the time of the hack, Bithumb was ranked sixth largest crypto exchange by trade volumes globally, but has now dropped to tenth place following news of the high-profile incident. Bithumb today says there will be “no damage” to its customers as a consequence of the theft, emphasizing its strict separation of customer and company assets, the latter of which it says are …
Bitcoin / June 21, 2018