Compromised!
Over three million EOS tokens have been stolen from South Korea-based cryptocurrency exchange Bithumb. This is the latest in a string of breaches for Bithumb, which was the victim of a previous attack in 2018 that resulted in $30 million in cryptocurrencies being taken.
In the attack, which occurred on March 29th, the stolen tokens were sent to the account ifguz3chmamg and then on to numerous different exchanges shortly afterwards.
Source: https://peckshield.com/
EOS block producers (if in consensus) can freeze and refund accounts on the network, but in this case, it may be too late. On top of that, 20 million XRP have also been stolen from the exchange address rnoypyy6ZnNm7QbMX3CX4zUp3g421QdahT, worth roughly $6 million at the time of theft.
Source: https://xrpcharts.ripple.com/#/graph/rnoypyy6ZnNm7QbMX3CX4zUp3g421QdahT
In a statement confirming and explaining the incident, Bithumb said it noticed unusual withdrawal activity on its platform and admitted that precautions were primarily taken against external threats and not internal ones, meaning that the theft could be the result of an inside job.
“About 10:15 pm on the 29th, we detected abnormal withdrawal of the company’s cryptocurrency through Bithumb’s abnormal trading monitoring system.
However, it was our fault that we only focused on defense of outside attack and lack of verification of internal staff.” – Bithumb statement (translated)
Negligence Costs Money!
While the question of why a business operating with millions of dollars in digital assets failed to conduct the necessary checks on its staff warrants a separate write-up in itself, Bithumb did hold itself accountable for the breach and stated that no user funds were lost, as the attacker only plundered the hot (online) wallet.
“All the spilled cryptocurrency is owned by company, and all the member’s asset is under the protection of cold wallet.
According to the company’s manual, Bithumb secured all the cryptocurrency from the detection time with a cold wallet and checked them by blocking deposit and withdrawal service.” – Bithumb statement (translated)
As the weeks progress, more information regarding the attack will come to light. If it is an inside job, serious questions will be raised about the standards of cryptocurrency exchanges and the safety of users. This will likely only incentivize authorities to clamp down harder on cryptocurrencies.
With the incidents surrounding Cryptopia and QuadrigaCX still in recent memory and Bithumb being compromised on a regular basis, the cryptocurrency community may forgive, but won’t forget.
This is not investment advice; please always do thorough research and only invest what you are willing to lose, especially in times of uncertainty.