Bithumb cryptocurrency exchange hacked a third time in two years
CNE
South Korean cryptocurrency exchange Bithumb admitted to getting hacked again on Friday, March 29. This is the third such incident the platform has reported in the past three years.
This third hack was acknowledged in a short Korean and English message posted on the company's blog.
A Bithumb official said that around 10:15 pm, local time, the company detected abnormal withdrawals from its hot wallets --accounts used to support real-time transactions.
Hackers stole nearly $20 million
The company did not disclose how much currency it lost; however, cryptocurrency industry insiders were able to track down the large transactions leaving the exchange's wallet addresses around the time of the hack.
Based on currently available information, the attackers appear to have made off with around three million EOS, worth $13.4 million at the time of the hack, and another 20 million Ripple coins (XRP), worth another $6 million.
The entire timeline as below - h/t @evilcos @chiachih_wu
— Dovey Wan 🦖 (@DoveyWan) March 30, 2019
(SGT time zone)
3/29 9:40AM - Hacker account ifguz3chmamg was created via accountcreat
3/29 9 to 11PM - Bithumb wallet g4ydomrxhege has been transferred out 3,132,672 EOS to the hacker account, total 16 transactions
From a comment below.. $XRP wallet is hacked too ..
— Dovey Wan 🦖 (@DoveyWan) March 30, 2019
XRP hacked wallet address - rLaHMvsPnPbiNQSjAgY8Tf8953jxQo4vnu
stolen 20,000,000 xrp (worth $6,000,00)
OMFG 🤦🏻♀️🤦🏻♀️🤦🏻♀️
Bithumb told users that all the stolen funds were taken from a company-owned wallet and that all user funds are safe. Transactions were suspended for a short period, but the exchange is now up and running again.
North Korean hackers again?
This is also the third hack the company disclosed in the past two years. The first hack happened in July 2017, when hackers stole $7 million in Bitcoin and Ethereum, while the second incident took place in June 2018, when hackers stole $31 million worth of Ripple (XRP).
According to a report released by cyber-security firm Group-IB last October, the second hack was attributed to the Lazarus Group, a codename given to North Korea's cyber-espionage unit --known for its focus on hacking and stealing funds from real-world banks and cryptocurrency platforms, as a side activity to carrying out cyber-espionage intelligence gathering operations for the Pyongyang regime.
According to a Kaspersky report released this week, Lazarus Group is still carrying out operations targeted at cryptocurrency platforms. Coincidentally or not, this is also the third cryptocurrency exchange to go public with a hack in the past seven days, after DragonEx and CoinBene.
How to spot a fake ICO (in pictures)
More data breach coverage:
- Companies are leaking sensitive files via Box accounts
- Nokia firmware blunder sent some user data to China
- Card breach reported at Buca di Beppo, Planet Hollywood, and other restaurants
- Toyota announces second security breach in the last five weeks
- FEMA 'unnecessarily' shared data of 2.3 million disaster victims with contractor
- Cryptocurrency platforms DragonEx and CoinBene disclose hacks
- Facebook passwords by the hundreds of millions sat exposed in plain text CNET
- Facebook data privacy scandal: A cheat sheet TechRepublic