Bithumb found ‘partially liable’ for a 2017 hacking incident
A judge in the Seoul Central District Court dismissed two claims filed by individuals against the controversial crypto exchange, Bithumb. The individuals were seeking $126,000 and $38,000 respectively for damages related to a data breach incident back in 2017.
According to Fn News, plaintiffs Hong and Seo (both named only by their surname) stated that they had lost money due to a phishing attack using private data that was extracted in a hack of Bithumb. The third claimant, Jang, was granted $5,000 to cover his total loss. This amount reflects a much lower dollar value than his initial $27,200 claim.
In all three cases, the court said that the exchange was guilty of negligence, as they could have allocated more resources in terms of security to prevent the massive data breach incident.
The judge, however, found both Bithumb and Jang partially responsible, noting that the victim provided details that were not originally included in the data which was exfiltrated from the exchange.
In order to enact the attack, the cybercriminal impersonated a Bithumb customer center agent, providing Jang information that he believed only a Bithumb employee would have.
The hacker then told Jang that he had a suspicious login attempt on his account and needed a verification code sent to his phone number to help block the suspicious access. Once access was given, the threat actor proceeded to convert XRP and ETH held by Jang into fiat.
The court resolution comes shortly after South Korean police raided Bithumb’s offices on September 2.
The raid was conducted by the intelligence crime unit at the Seoul Metropolitan Police Agency. It was purportedly connected with an ongoing police investigation involving Lee Jung Hoon, chairman of the board at Bithumb Korea and Bithumb Holdings.