From Coincheck to Bithumb: 2018’s Largest Security Breaches So Far

Published at: June 27, 2018

On June 19, Bithumb, South Korea’s number one crypto exchange, was hacked. The attackers stole cryptocurrencies worth $30 million, making it one of the largest heists of the year so far. While the exchange has already promised to compensate its users, the damage has been done: yet again, it has become evident that even the biggest players cannot guarantee total safety.

Indeed, the crypto world hasn’t been the same since the Mt. Gox collapse. Still, it comes down to how these attacks are handled in the aftermath: while some go MIA or start diffusing the responsibility, others choose to rebuild their reputations step-by-step, steadily making amends with the community. Here’s how the largest hacks of 2018 so far have happened, and what their consequences have been.

Bithumb: “No damage” to the customers

When: June 2018
Hacker’s prize: $30 million worth of cryptocurrencies
Outcome: Drop in rating

On June 19, Bithumb, South Korea’s biggest crypto exchange, was hacked. Over 35 billion won (about $30 million) worth of cryptocurrencies was stolen. At the time of the attack, Bithumb was ranked as the sixth largest exchange by trade volumes globally but has since dropped to 10th place.

According to Cointelegraph Japan, the hackers hijacked Bithumb’s hot wallet. Coincidentally, the exchange started moving “all of asset[s]” to a cold wallet in order to upgrade its security system on June 16, days prior to the attack.

Once Bithumb’s team realized their service was being hacked, it halted all deposit and withdrawal services. In an official announcement made on June 21, the crypto exchange confirmed its intention to reimburse the users affected by the theft. Moreover, Bithumb stated that its wallet system was undergoing “a total change” in order to prevent further attacks and claimed that there would be “no damage” to its customers as a consequence of the theft, emphasizing its strict separation of customer and company assets.

According to reports from local media, the country’s Ministry of Science and Technology has launched an investigation into the hack. Reportedly, the Korea Internet & Security Agency (KISA) also got involved in order to figure out how exactly the attack occurred, working closely with local police and other agencies. Allegedly, authorities have also sent officers to Bithumb’s offices in Seoul to collect data and records from the company’s computers.

The hijack occurred just weeks after Bithumb was cleared by the South Korean government, which found no evidence of wrongdoing at Bithumb after a three-month investigation, but ordered the exchange to pay 30 billion won (approximately $28 million) in taxes.

Bithumb has been hacked before. In July 2017, the personal data of 30,000 customers was stolen due to an employee’s computer becoming compromised, while some users reported losses as well.

Coinrail: Danger of FUD

When: June 2018
Hacker’s prize: 40 billion won (approximately $37.2 million)
Outcome: Mainstream media overreaction

When South Korean exchange Coinrail was hacked, the mainstream media reacted in full force. Bloomberg, the Wall Street Journal, Reuters and the Guardian all linked the cyber attack with the price drop of Bitcoin and altcoins — Bitcoin lost around 11 percent of its value at the time — albeit recognizing that Coinrail was a rather small operation, being the 99th largest crypto exchange at the time. Moreover, none of those articles mentioned another possible explanation of the price drop, such as U.S. regulators’ probe into price manipulation in the crypto market, which was happening at the same time. That, of course, outraged the community.

It was reported that Coinrail lost around 40 billion won ($37.2 million) worth of cryptocurrency, including 21 billion won worth of Pundi X and 14.9 billion won worth of Aston coins. As local news outlet Sedaily points out, Coinrail removed parts about reimbursement from its terms of service a week prior to the attack. However, the exchange reportedly explained the removal by saying that it was working with the government to revise the terms of the contract.

According to the exchange’s website, 70 percent of its assets have been transferred to cold storage, and “about 80 percent” of the stolen coins have been frozen or withdrawn in some way, as the exchange is under “system maintenance.” Coinrail plans to reopen around July 15.

Verge: Ignorance is bliss

When: April-May
Hacker’s prize: 35 million XVG (about $1.7 million)
Outcome: Damaged reputation

Privacy-focused cryptocurrency Verge (XVG) has been hacked twice — thrice, considering that its Twitter account was taken over in March, as well — in the past few months.

In the beginning of April, reports about Verge being hacked started to emerge. Apparently, the attackers exploited a bug that allowed the manipulation of block mining timestamps. Using the code’s flaw, they had the ability to create illegitimate coins out of nowhere, stealing 250,000 XVG as a result. Verge called the incident “a small hash attack” and claimed that funds were only exploitable for three hours. On Bitcointalk.org, a member of the Verge team wrote “we're kinda glad this happened and that it wasn't as bad as it could have been.” In response, the message board user OCMiner noticed that developers apparently ‘resolved’ it by accidentally launching a hard fork. XVG lost about 25 percent of its value in reaction to the news.

On May 21, Verge was hacked again, as its team tweeted that their mining pools were under a DDoS attack. This time, 35 million XVG (about $1.7 million) was stolen over a period of a few hours, and XVG went down by a little over 14 percent.

OCMiner, who called attention to the first security breach, pointed out Verge’s vulnerability on the message board again, stating that “since nothing really was done about the previous attacks (only a band-aid), the attackers now simply use two algos to fork the chain for their own use and are gaining millions.” XVG’s price is at $0.026131 as of press time, its lowest for the past three months, according to Coinmarketcap.

Coincheck: Compliance and transparency

When: January
Hacker’s prize: 532 million NEM coins
Outcome: Coincheck survived the hack and the FSA pressure, was bought

In January, the Tokyo-based exchange Coincheck was hacked. Coincheck had to freeze all operations after it lost 523 million NEM coins — worth approximately $534 million at the time — on January 26. The coins were lifted through several unauthorized transactions from a hot wallet (according to Coincheck representatives, the hackers managed to steal the private key for it) where NEM coins were being stored, enabling them to drain the funds. Later in the day, NEM Foundation president Lon Wong called it "the biggest theft in the history of the world." Indeed, the Coincheck hack was larger than that of Mt. Gox by about $50 million in terms of stolen funds.

Soon after the security breach occurred, Coincheck held a press conference. There, the Coincheck team explained that NEM coins were indeed being held in a simple hot wallet rather than a much more secure multisig wallet, as the security setup differs between various coins on the exchange. They stressed that other cryptocurrencies on the platform were stored in multisig wallets and confirmed that the stolen funds belonged to customers. The Coincheck team also promised to refund their clients.

In March, a local news outlet — the Nikkei Asian Review — wrote that malware emails were sent to several members of Coincheck staff weeks before the attack, which might have opened the employee email system to allow the hackers to steal the private key.

In the aftermath of the attack, 10 crypto traders filed lawsuits in mid-February over Coincheck’s freezing of crypto withdrawals. 132 more crypto investors filed another lawsuit in early March, seeking around 228 million yen (around $2 million) in damages. Nevertheless, Coincheck made good on its promise, as in mid-March the exchange platform started to refund the affected customers and allowed the withdrawal and sale of certain cryptocurrencies.

While handling the aftermath, Coincheck showed full compliance with the FSA, the Japanese regulatory body that oversees the crypto industry in the country. Soon after the cyberattack, the FSA conducted on-site inspections of 15 exchanges and sent business improvement orders to seven of these exchanges, including Coincheck. After the inspection, the exchange opted to drop three anonymity-based coins from its list.

In April, the traditional Japanese financial services provider Monex Group bought 100 percent of shares of Coincheck Inc, for 3.6 billion yen ($33.5 million). The new owner soon announced plans for international expansion. So, overall, Coincheck seems to have rebounded after the massive hit.

BitGrail: Let’s play the blame game (and get sued)

When: February
Hacker’s prize: 17 million XRB tokens
Outcome: Firm’s wallets seized through court

On February 8, Italian cryptocurrency exchange BitGrail claimed that $195 million worth of customers’ cryptocurrency in Nano (XRB, formerly known as Raiblocks) was stolen in what could be perhaps the shadiest hack on this list, as the blame is still being shifted between BitGrail founder Francesco Firano and the Nano development team.

Essentially, a day after BitGrail was ‘hacked,’ and 17 million XRB tokens were drained from the exchange’s wallets, Nano developers made an official comment showing that BitGrail’s owner and operator Francesco “The Bomber” Firano had asked for the coin’s ledger to be altered. “[...] Firano informed us of missing funds from BitGrail’s wallet. An option suggested by Firano was to modify the ledger in order to cover his losses — which is not possible, nor is it a direction we would ever pursue,” Nano wrote in a Medium post.

The Nano team then published alleged evidence that some of the withdrawals Firano claimed were the result of a hack had occurred as early as October of 2017. Firano denied those findings, which are contestable because Nano does not record transaction dates directly to its blockchain. At one point, he implied that transactions were somehow removed and restored at a later date, which is technically unattainable due to the nature of blockchain. In an interview with Cointelegraph, Firano also stated that it would be “impossible to refund the stolen amount” and argued that Nano’s timestamp technology and the cryptocurrency’s block explorer are not reliable. The Nano blockchain network did a re-synchronization of its nodes, providing every block or transaction missing before January 19 with timestamps. This suggested that all transactions were, in fact, recorded accurately.

Nevertheless, BitGrail users still haven’t received a definitive answer as to what precisely led to the incident, and they headed to the courtrooms. On April 5, a class action lawsuit was filed in the U.S. on behalf of investors. The Nano team supported them, stating that they would even help pay the lawyer bills of those who sought to battle BitGrail in court.

In March, after legal pressure was applied, BitGrail announced plans to refund their users, but only if those users stopped trying to sue the exchange. In a press release, BitGrail said that, “the use of the platform for the victims of the theft will be bound by the signature of a settlement agreement. The latter will be characterized by an expressed renouncement from the users to every type of legal action, and will have to be formalized through the compilation of a form.”

Thus, Bitgrail intended to pay back its users by creating a token, Bitgrail Shares (BGS). The customers who were affected by the heist were refunded 20 percent of their lost amount in XRB, with the remaining 80 percent supposed to be covered by BGS. Nonetheless, BitGrail once again claimed that they are not taking the responsibility for the hack, continuing to point fingers at Nano and its alleged protocol problems.

On June 15, the BitGrail case took another turn, as the BTC stored in the firm’s wallets was confiscated by Italian law authorities. The funds were removed following a court order by the Tribunal of Florence on June 5, but the current value of the seized assets was not mentioned. The court order was triggered by a petition filed by the victims of the BitGrail hack.

Smaller hacks: MyEtherWallet, BlackWallet and Binance

In January, a DNS hijack led to hackers stealing $400,000 worth of Stellar Lumen (XLM) coins from wallets of Blackwallet.co. The attackers took over the service’s hosting server and changed settings to send the coins to their address.

Similarly, over $150,000 worth of ETH was stolen in the DNS attack on crypto wallet MyEtherWallet (MEW) in April. The attack recalled the allegations of a DNS hack levelled at MEW in January by the developers of altcoin Ethereum Blue, which the MEW team flatly denied at the time, calling it “a stupid lie.”

On March 7, the users of Binance, the world’s largest crypto exchange by trading volume, were affected by a hack of third-party software. That resulted in unauthorized transactions being made from their accounts. However, as CEO of Binance Changpeng Zhao soon declared, all users’ funds were safe, and the exchange returned to operating normally. On March 11, Binance said it was offering $250,000 in Binance Coin (BNB) for the first person to supply the information that would result in the legal arrest of the attacker.
