Hackers stole $19 Million from Bithumb cryptocurrency exchange

A new cyber heist made the headlines, the victim is Bithumb,
the South Korea-based cryptocurrency exchange and hackers stole $19 Million.

Hackers have stolen nearly $19 million worth of cryptocurrency from Bithumb, the South Korea-based cryptocurrency exchange.

The news was first reported by the Primitive Ventures’ Dovey Wan, hackers compromised a number of Bithumb’s hot EOS and XRP wallets and transferred around 3 million EOS (roughly $13 million) and 20 million XRP (~ $6 million) to accounts under their control.

Then crooks transferred the stolen funds to multiple accounts they operated on other cryptocurrency exchanges, including Huobi, HitBTC, WB, and EXmo, via ChangeNow, a non-custodial crypto swap platform that
has no maximum amount for crypto exchange.

Once the attack was discovered, Bithumb quickly halted its deposits and withdrawals process, the company also speculated that the incident allegedly involved insiders.

“About 10:15 pm on the 29th, we detected abnormal withdrawal of the company’s cryptocurrency through Bithumb’s abnormal trading monitoring system.” reads a statement published by the exchange.

“All the spilled cryptocurrency is owned by company, and all the member’s asset is under the protection of cold wallet.

According to the company’s manual, Bithumb secured all the cryptocurrency from the detection time with a cold wallet and checked them by blocking deposit and withdrawal service.

As a result of the internal inspection, it is judged that the incident is an “accident involving insiders”.”

Bithumb is conducting an intensive investigation along with KISA, Cyber Police Agency and security companies.

Bithumb was hacked multiple times in the past two years. In June 2018,
the South Korean cryptocurrency exchange confirmed that hackers stole 35 billion won ($31.6 million) worth of cryptocurrency between June 19 and June 20. In July 2017 hackers have stolen more than $1 Million in Bitcoin and Ether cryptocurrencies from the accounts of several users of the exchange.

Changpeng Zhao, CEO of Binance cryptocurrency exchange, posted an interesting representation of the way the attackers have distributed his funds after stealing it from Bithumb.

The attackers have stolen the private key for the EOS hot wallet account belonging to Bithumb (g4ydomrxhege) and used it to transfer the funds to the address “ifguz3chmamg” under their control.

“We deeply apologize to our members for delaying the cryptocurrency deposit and withdrawal service,” Bithumb said.

Bithumb is currently working with major cryptocurrency exchanges and foundations in the attempt of recovering the stolen crypto coins.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – cryptocurrency, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]