Bithumb Exchange’s $31 Million Hack: What We Know (And Don’t Know)

On Wednesday, roughly 35 billion Korean won (around $31 million) in cryptocurrency was stolen by hackers from the South Korea-based exchange Bithumb.

Although the breach may not be as significant as the $530 million hack of the Coincheck exchange earlier this year, the fact that Bithumb now ranks as the sixth biggest trading venue in the world still marks it as a notable, and worrying, incident.

While more details about the heist have surfaced in the hours following the event’s confirmation, providing a glimpse into Bithumb’s internal operations, some important questions about the hack still remain unanswered.

Here’s what we know about the hack so far, and some details we still don’t.

What we know

XRP reportedly compromised

While Bithumb has not yet disclosed details of the stolen coins bar their dollar amount, news emerged following the hack that XRP, the native token of the Ripple protocol, may have been targeted, according to reports from CoinDesk Korea and news agency Yonhap.

Based on data from CoinMarketCap, Bithumb accounted for 10 percent of the global trading volume of XRP over the last 24 hours, with a total of $32 million-worth changing hands.

Bithumb has so far not responded to CoinDesk’s request for comment.

IT improvement failed

While Bithumb officially confirmed the breach early Wednesday morning local time, it appears that security issues were already drawing attention from the exchange at least several days ago.

According to a follow-up report from CoinDesk Korea, Bithumb conducted a security enhancement checkup on June 16, just days before the confirmed hack.

The exchange explained at the time:

“Recently the number of unauthorized access attempts has increased. As such, an urgent server checkup was conducted to strengthen the security of all systems.”

At the same time, Bithumb also started moving users’ assets to a cold wallet to store cryptocurrencies in a more secure offline environment.

The CoinDesk Korea report indicated that the hack comes at a time when Bithumb is spending 10 billion won, or around $9 million, annually on security measures. Another report from Yonhap further suggests that Bithumb beefed up its security measures by implementing so-called “5.5.7 regulations” last month.

Under this requirement, at least five percent of a financial institution’s staff should be IT specialists. Among those, five percent should focus on information security, while at least seven percent of the firm’s total budget should be spent on information security.

The report from Yonhap stated that 21 percent of Bithumb’s employees are technology specialists as of May, and 10 percent of those are responsible for information security. Further, about eight percent of the annual spending budget is used for data protection activities.

Although Bithumb appears to have fulfilled the 5.5.7 requirements, the report said the fact that it has 300 employees means it may not be able to cope with the increasing amount of trading volume and user numbers on its platform.

Government weighs in

An hour before Bithumb confirmed the hack on its website and official Twitter account, the exchange reported the case to the Korea Internet & Security Agency (KISA), a government organization that supervises internet and cybersecurity issues in the country.

An official from KISA said a dedicated analysis team is currently investigating the hack. As of press time, the agency has not yet disclosed any details from its investigation.

Bithumb to refund users

Immediately after announcing the hack, Bithumb confirmed it will pay back victims using its own reserves.

Industry experts later weighed in, including bitcoin pioneer Charlie Shrem, who praised the move despite the unwelcome incident.

“Bithumb hacked for $30 million but covering all losses. Our industry is getting better and stronger,” he tweeted.

In addition, litecoin creator Charlie Lee also commented that he believes the smart move is to “keep on exchange coins that you are actively trading. It’s best to withdraw right after trading.”

This is not the first time that Bithumb has reportedly been hacked. As previously reported by CoinDesk, the platform was compromised last year with as many as 30,000 users impacted. Following that incident, Bithumb announced that it would repay each victim 100,000 Korean won, an amount worth about $85.

Bitcoin price dips by $200 

According to data from CoinDesk, the price of bitcoin dropped by nearly $200 to a daily low so far of $6,561 an hour after Bithumb initially published the statement. As of press time, the price had bounced back to $6,640.

In addition, as Bithumb has so far only suspended asset deposits and withdrawals, trading activity on the exchange actually appears to be increasing since the news broke. Based on data from CoinMarketCap, 24-hour trading volume was initially seen at around $350 million at the time of the news and later climbed to $380 million around noon local time on Wednesday.

As of press time, Bithumb still remains the sixth largest platform globally.

What we don’t know

Extent of the breach

Aside from reports saying that XRP is one of the assets that was stolen in the hack, it’s still unclear at the moment what other assets have been lost and in what quantities. It’s also not clear how many Bithumb users have been impacted.

In its announcement, Bithumb refrained from disclosing these details, adding that it may disclose the hacked tokens today. It has not made any statement on that at press time.

Further, it’s not publicly known at this time which wallet addresses the hacked cryptocurrencies have been sent to, or whether any have been liquidated or not.

Currently, there are over 37 cryptocurrency assets on Bithumb that are available for trading against the Korean won. Among them, EOS and TRON together account for over half of the total trading volume on Bithumb, at 31 and 22 percent, respectively.

Cause of the breach

At this stage, Bithumb has not officially announced what exactly allowed the hackers to access its system, nor has it provided an estimated timeline for when asset deposits and withdrawals will resume.

Currently, the cybersecurity division of South Korea’s National Police Agency has sent seven investigators to Bithumb’s office in Seoul to conduct interviews and inspect servers, according to a report from Yonhap.

However, the news agency cited anonymous industry sources as saying that malicious emails had been sent to Bithumb users earlier this month. This possibly led to the hack, as hackers would be able to obtain account information if users clicked on links inside the phishing email.

It remains to be seen whether more details on the cause will be forthcoming as the investigations by the firm and the authorities continue.

Regulatory situation

Bithumb’s hack marks the second cyber incident in the crypto industry in South Korea in recent days, and its second in less than a year. Less than two weeks ago, a breach at Coinrail is thought to have seen $40 million-worth of cryptocurrencies stolen. Last year, meanwhile, a hack of the Youbit exchange notably led to the exchange filing for bankruptcy.

Apart from requiring domestic exchanges to enforce a real-name verification process, financial watchdogs in South Korea have not yet made any concrete move in regards to regulating exchanges in a legal framework.

It remains to be seen whether the Financial Services Commission will take a similar stance to its counterpart in neighboring Japan.

Following the notable hack of Mt. Gox in 2014, which was the largest cryptocurrency exchange at the time, regulators in Japan moved to launch a legal framework in 2017 that would allow the authorities to issue licenses to qualifying exchanges.
