Bithumb believes that, unlike in past incidents, this theft was the work of rogue insiders.
Major South Korea-based cryptocurrency exchange Bithumb has announced that it was hit by a heist that impacted its own virtual coins.
The exchange didn’t say how much was lost. However, ZDNet wrote that cryptocurrency insiders tracked down the outgoing transactions from Bithumb’s wallet address, finding that some three million EOS and 20 million Ripple coins were stolen. They were worth US$13.4 million and US$6 million, respectively.
Bithumb apologized for the incident, but gave assurances that no user funds were impacted. The exchange said that, once it detected abnormal withdrawals, it placed all user funds into a cold wallet and blocked all deposits and withdrawals.
Cold-storing is a method used for the long-term storage of cryptocurrencies offline in order to reduce the likelihood of funds being stolen.
The exchange said that the incident “involved insiders” and admitted that it had focused only on defending itself from external attacks while suffering from a “lack of verification of internal staff”. This will be fixed, said Bithumb, which is also confident that it will recover the stolen virtual coins.
Two weeks ago, it was reported that Bithumb would lay off around half of its 310 employees.
Bithumb isn’t new to cryptocurrency heists. In February 2017, attackers broke into the home computer of a Bithumb employee and stole the personal details of more than 30,000 customers. The information then acted as a springboard for phishing scams that ultimately led to the siphoning of bitcoins worth over US$1 million. In June 2018, another incident saw hackers steal over US$30 million worth of virtual currency from the exchange’s customers.
written by Tomas Foltyn, ESET We Live Security