On Wednesday, June 20, 2018, roughly 35 billion Korean won (around $31 million) in cryptocurrency was stolen by hackers from the South Korea-based exchange Bithumb. Although the breach may not be as severe as the $530 million hack of the Coincheck exchange earlier this year, the fact that Bithumb now ranks as the sixth biggest trading venue in the world. While Bithumb has not yet disclosed full details of the stolen coins, news emerged following the hack that XRP, the native token of the XRP ledger and the world’s third-largest cryptocurrency, has been targeted, according to a report from CoinDesk Korea. Based on data from CoinMarketCap, Bithumb accounted for 10 percent of the global trading volume of XRP over the last 24 hours, with a total of $32 million-worth changing hands.

While Bithumb officially confirmed the breach early Wednesday morning local time June 20, 2018, it appears that security issues were already drawing attention from the exchange at least several days ago. According to a follow-up report from CoinDesk Korea, Bithumb conducted a security enhancement checkup on June 16, 2018, just days before the confirmed hack. Recently, the number of unauthorized access attempts has increased. As such, an urgent server checkup was conducted to strengthen the security of all system. At the same time, Bithumb also started moving users’ assets to a cold wallet to store cryptocurrencies in a more secure offline environment.

The CoinDesk Korea report indicated that the hack comes at a time when Bithumb is spending 10 billion won, or around $9 million dollars annually on security measures. Another report from Yonhap further suggests that Bithumb beefed up its security measures by implementing so-called “5.5.7 regulations” last month. Under this requirement, at least 5 percent of a financial institution’s staff should be IT specialists. Among those, 5 percent should focus on information security, while at least 7 percent of the firm’s total budget should be on information security. The report from Yonhap stated that 21 percent of Bithumb’s employees are technology specialists as of May, and 10 percent of those are responsible for information security. Further, about eight percent of the annual spending budget is used for data protection activities. Although Bithumb appears to have fulfilled the 5.5.7 requirements, the report said the fact that it has 300 employees means it may not be able to cope with the increasing amount of trading volume and user numbers on its platform.

Bithumb reported the case to the Korea Internet & Security Agency (KISA), a government organization that supervises internet and cybersecurity issues in the country;  and an official from KISA said a dedicated analysis team is currently in the process of investigating the hack. Bithumb has not officially announced what exactly allowed the hackers to access its system, nor has it provided an estimated timeline for when asset deposits and withdrawals will resume. Currently, the cybersecurity division of South Korea’s National Police Agency has sent seven investigators to Bithumb’s office in Seoul to conduct interviews and inspect servers, according to a report from Yonhap. However, the news agency cited anonymous sources from the industry that malicious emails had been sent to Bithumb users earlier this month. This possibly led to the hack, as hackers would be able to obtain account information if users clicked on links inside the phishing email.

Immediately after announcing the hack, Bithumb confirmed it will pay back victims using its own reserves. According to data from CoinDesk, the price of bitcoin dropped by nearly $200 to a daily low so far of $6,561 an hour after Bithumb initially published the statement, bouncing back to $6,640. In addition, as Bithumb has so far only suspended asset deposits and withdrawals, trading activity on the exchange actually appears to be increasing since the news broke. Based on data from CoinMarketCap, 24-hour trading volume was initially seen at around $350 million at the time of the news and later climbed to $380 million around noon local time on Wednesday June 20, 2018. As of press time, Bithumb still remains the sixth largest platform globally.

It appears that XRP is one of the assets stolen in the hack, yet it’s still unclear at the moment if other assets have been taken and in what quantities. In addition, it’s also not clear the number of users on Bithumb that have been impacted. In its announcement, Bithumb refrained disclosing these details, adding that it may disclose the hacked tokens later. Further, it’s not publicly known at this time which wallet addresses the hacked cryptocurrencies have been sent to, or whether any have been liquidated or not. Currently, there are over 37 cryptocurrency assets on Bithumb that are available for trading against the Korean won. Among them, EOS and TRON together account for over half of the total trading volume on Bithumb, at 31 and 22 percent, respectively.

Bithumb’s hack marks the second cyber incident in the crypto industry in South Korea in recent days, and its second in less than a year. Less than two weeks ago, a breach at Coinrail is thought to have seen $40 million-worth of cryptocurrencies stolen. While, last year, a hack of the Youbit exchange notably led to the exchange filing for bankruptcy. Apart from requiring domestic exchanges to enforce a real-name verification process, financial watchdogs in South Korea have not yet made any concrete move in regards to regulating exchanges in a legal framework. It remains to be seen whether the Financial Services Commission will take a similar stance to its counterpart in neighboring Japan. Following the notable hack of Mt. Gox in 2014, which was the largest cryptocurrency exchange at the time, regulators in Japan moved to launch a legal framework in 2017 that would allow the authorities to issue licenses to qualifying exchanges.

 Contributed by Magdalena A K Muir

Sources

Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don’t), https://www.coindesk.com/bithumb-exchanges-31-million-hack-know-dont-know/