The renowned cryptocurrency exchange named ‘Bithumb’, probably the biggest bitcoin exchange with South Korea alongside Upbit exchange, has been recently ‘hacked‘ amounting to around $20 Mln. The firm said that its user funds held within their cold storage wallets is secure, however corporate funds were affected.
Bithumb Hack & Associated Factors – Yet Not Completely Clear
Offline or Cold storage wallets can be simply referred to as wallets that aren’t linked to the web. This technique is often used by major exchanges to eliminate the vulnerability of user funds in potential security breaches.
However, on the another hand, Bithumb added that it believes the hack was an inside job and funds might have been transferred by people related to the firm.
The recent Bithumb hack comes within a year later since after ‘Coincheck‘, the largest exchange in Japan, that was hacked and less than 9 months since Bithumb was last hacked earlier in last year.
Arriving Threat To Cryptocurrency Exchanges
Within the official statement, Bithumb said that its conducting intensive investigations with cybersecurity authorities in South Korea, acknowledging the incident as an insider job.
Explaining further, the statement added:
“Because of the ongoing internal scrutiny, it’s judged that the incident is associated with an ‘accident involving insiders.’ Supporting the facts, we are conducting an intensive investigations with KISA, Cybersecurity Police Agency and other security firms. However, at the same time, we are also collaborating with major exchanges and foundations and expect to assist us in recovering the losses of the cryptocurrencies equivalent.”
Bithumb aforementioned that the exchange has been more and more centered on preventing external attacks and hacking attacks within the past year, which is although very clear within the exchange ratings announced by the KISA [Korea Internet & Security Agency] earlier in August, last year.
Even earlier, KISA investigated all Bitcoin [BTC] exchanges operating in South Korea to search out potential vulnerabilities and poor security measures on the country’s cryptocurrency commercialism platforms.
The agency found most exchanges to possess weak security systems in situ but cleared Bithumb, Upbit, Korbit, Coinnest, Coinlink, Coinone, Coinplug, and Huobi for having sturdy security along with robust internal management systems.
While explaining further, Kim Jeong-sam, the information protection official at KISA, said at the time that:
“There still exists several cryptocurrency exchanges with subpar security systems and as such, investors are cautioned in investing through unrecognized platforms. The govt. will still continue monitoring the crypto-currency exchanges to enhance the quality of security being utilized by the trading platforms.”
As explained by Bithumb exchange, the firm failed to contemplate the chances of insiders together with staff and contractors breaching into the system of the exchange to steal the innumerable funds managed by the firm.
Damage Could Have Been More Severe
On the another hand. a positive takeaway from the incident is that Bithumb exchange kept most of its user funds in cold wallets that can’t be accessed by hackers and therefore the whole damage was limited to some extent.
More significantly, the hacked funds were reportedly sent to other ‘exchanges‘, which might be recovered or frozen immediately.
But, it still remains unsure how some organization may forestall similar incidents from occurring within the future, thereby preventing insiders from involving in such malicious activities.
The company added:
“Bithumb exchange is certified ISMS & applied to multi-signature withdrawals schemes. We are perpetually monitoring and blocking attempts of external hacking. However, it had been our fault that we totally solely focused on the defences of outside attack and lack of verification of internal employees.”
The exchange aforementioned that it’d basically overhaul its internal staff-men verification system and prohibit the authority workers and contractors have over the interior management system deployed by the firm.
However in all this scenario, it raises a new threat within the bitcoin exchange system, and within the near-term area, major cryptocurrency trading platforms are yet to discover a solutions to forestall similar incidents from arising in the future.