Crypto Exchange Bithumb Hacked for $13 Million in Suspected Insider Job

South Korean crypto exchange Bithumb has had over $13 million in EOS stolen in a hack, but says customer funds are safe.

Mar 30, 2019 at 10:45 a.m. UTC
Updated Sep 13, 2021 at 9:02 a.m. UTC

Update (09:30 UTC, April 1, 2019): According to a report from CoinDesk Korea, Bithumb may have also lost 20.2 million XRP in the recent breach. The XRP, worth $6.2 million at current prices, was moved from Bithumb's wallet on March 29 in transactions that can be seen on XRPSCAN. The exchange is not yet confirming or denying the report.

The odds of Bithumb managing to retrieve the stolen funds may be small, according to crypto security expert Cosine Yu, co-founder of security firm SlowMist. The hacker has already managed to “launder” most of the stolen EOS and XRP, Yu said, meaning the assets have been transferred to a large number of addresses that are not necessarily owned by any exchanges.

“The laundering strategy this time is clever as the theft did not send most of the funds directly to addresses owned by exchanges. ... So it’s almost impossible for Bithumb to retrieve these funds,” Yu told CoinDesk. 


South Korean crypto exchange Bithumb has had around $13 million in the EOS cryptocurrency stolen in a hack it suspects was an insider job.

The company confirmed in statement on Saturday that it first spotted an “abnormal withdrawal” of the cryptocurrency through its monitoring system at 22:00 Korean time (13:00 UTC) on Friday, March 29.

The exchange suspended asset withdrawals and deposits on the platform after noticing the breach.

Bithumb stated:

"All the [stolen] cryptocurrency is owned by the company, and all members' assets are under the protection of a cold wallet."

According to a report from CoinDesk Korea, the exchange was hacked for a total of 3.07 million EOS, which was withdrawn from the exchange’s "hot" (internet connected) wallet through a series of transactions.

Based on the data from CoinMarketCap, EOS is currently trading at $4.22, making the total value of the coins lost around $13 million.

The company said in its statement that it suspects the hack was conducted by an insider, since no evidence of external exploit has been found.

Bithumb has already notified government agencies and is conducting an internal investigation. It said it's also working with major exchanges with the expectation of recovering some of the funds.

Additionally, the remaining assets in Bithumb's hot wallet have been removed to its cold (offline) wallet to prevent further losses until the manner of the breach has been identified and any vulnerabilities fixed.

According to CoinDesk Korea, Lee Sang Sun, described as one of the only EOS arbitrators in South Korea, said, "Overseas exchanges such as Bitfinex manage their EOS wallets with a multisig system, but Bithumb managed its with a single key." However, this detail is not confirmed at press time.

The news comes nearly a year after Bithumb was hacked for some $30 million-worth of cryptocurrencies. The exchange experienced an initial loss of 2,016 bitcoin, 2,219 ether and other coins, but later claimed to have retrieved $14 million-worth of the hacked funds.

Editor's note: Some statements were translated from Korean.

Bithumb image via Shutterstock

The Festival for the Decentralized World
Thursday - Sunday, June 9-12, 2022
Austin, Texas
Save a Seat Now

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Trending

1
Terra’s LUNA Gains, Then Slides, After Do Kwon's Fork Proposal

Traders sold the tokens even as founder Do Kwon proposed a separate chain to make up for last week’s implosion of UST.

Traders sold the tokens even as founder Do Kwon proposed a separate chain to make up for last week’s implosion of UST.

2
Breaking Barriers to the Web 3 Creator Economy

The latest innovations in blockchain technology are enabling creators to earn more from their work and achieve an unprecedented level of autonomy.

The latest innovations in blockchain technology are enabling creators to earn more from their work and achieve an unprecedented level of autonomy.

3
How Not to Run a Cryptocurrency Exchange

At Japan's Liquid exchange, recently acquired by FTX, warnings were ignored, breaches unreported and employees berated and cursed at, insiders say.

At Japan's Liquid exchange, recently acquired by FTX, warnings were ignored, breaches unreported and employees berated and cursed at, insiders say.

4
Morgan Stanley Warns NFTs Next to Watch After UST Collapse, Bukele Announces Mega Banks Meeting in El Salvador

The most valuable crypto stories for Monday, May 16, 2022.

The most valuable crypto stories for Monday, May 16, 2022.