Crypto Exchanges Collaborate With Bithumb to Freeze Stolen Funds After Major Hack

Published at: April 18, 2019

In late March, major South Korean cryptocurrency exchange Bithumb lost around $18 million as a result of a hack. While the details are still sketchy — for instance, it is unclear whether or not it was an inside job, as Bithumb initially claimed — a large portion of the stolen funds have been frozen by various exchanges who received them from hackers attempting to sell the loot.

However, despite Bithumb stressing that the hijacked assets belonged to the company and not to its clients, the customers still can’t access their funds, since withdrawals and deposits have been disabled as part of the security measures.  

Bithumb reportedly lost 3 million EOS and 20 million XRP, claims it was an inside job

On March 29, Bithumb experienced what it described as “abnormal withdrawals” through its monitoring system. Then, as per the company's manual, the exchange reportedly moved all remaining funds to a cold wallet. Additionally, deposits and withdrawals have been disabled on the platform for security reasons. In the accompanying blog post issued the day after the incident, Bithumb also assumed that the security breach was performed by insiders, citing the results of an internal inspection.   

Moreover, Bithumb blamed itself for the security breach. Specifically, the exchange team admitted that it only focused on protection from outside attacks and did not verify its staff, according to an announcement by the company. Bithumb also promised that the incident won’t occur again, because a workforce verification system is allegedly already in the works.

“We are working with major exchanges and foundations and expect to recover the loss of the cryptocurrency equivalent,” Bithumb’s statement reads. “Also we promise that we will open our progress clearly with social responsibility as a global leader company.”

Interestingly, while Bithumb never directly disclosed how much cryptocurrency was lifted in any updates regarding the hack, it has been established that more than 3 million EOS (about $12.5 million) were transferred from its hot wallet during the security breach. Moreover, according to cryptocurrency news outlet The Block, around 20 million XRP — the cryptocurrency created by Ripple — (equivalent to about $6.2 million) were also stolen.

Notably, Bithumb has stressed that the embezzled funds were owned by the company and that all assets belonging to its users are now under the protection of a cold wallet, which allegedly has not been compromised.

Thus, deposits and withdrawals on Bithumb have been disabled for more than two weeks at this point, although the exchange has announced that it will start accepting deposits and withdrawals for bitcoin (BTC) and ether (ETH) “with enhanced security” starting on April 17, 15:00 (presumably GMT+9). It is currently unclear if the trading has actually continued for those cryptocurrencies, as Bithumb has ignored Cointelegraph’s requests for comment.

Notably, earlier this year, South Korean tech news outlet ZDNet reported that Bithumb was one of just seven cryptocurrency exchanges that have passed a security audit performed by local regulators.

Major part of the stolen funds have been frozen by various exchanges

As mentioned above, Bithumb has insisted that the hijacked funds were entirely company-owned, and hence did not represent customers’ assets. In an attempt to prove this, on April 11, the South Korean crypto exchange published what it presented as results of an alleged professional external audit of its funds conducted on April 8, a little over a week after the hack.

“We have stated that we will conduct fair and objective due diligence on all assets that we have through a reliable external Audit,” the statement reads, linking to the accounting firm’s statistics. Bithumb’s statement continued:

“We are pleased to inform you that our members' valuable assets are managed and maintained in a systematic / safe manner through the attached due diligence report.”

Nevertheless, the exchange’s clients have been stripped of the option to withdraw their funds from the platform, because that option was disabled soon after the incident occurred. In one of the statements, Bithumb also claimed they were working with the Korean police, Korea Internet & Security Agency (KISA) and unspecified “security companies” to deal with the aftermath.

The news about the hack was initially broken by Dovey Wan, founding partner at blockchain-focused Primitive Ventures, who also tweeted that part of the stolen EOS had ended up on a number of exchanges, while another portion had been moved to other addresses. Thus, Wan wrote, the exchange that received the most funds (662,000 EOS) was Exmo, followed by Huobi (263,000 EOS), Changelly (192,000 EOS), ChangeNOW (140,000 EOS) and KuCoin (96,000 EOS). According to blockchain security company PeckShield cited by The Block, smaller portions of the funds were also sent to CoinSwitch, BW, Binance and HitBTC.

The head of business development at Exmo, Maria Stankevich, confirmed to Cointelegraph that 662,600 EOS (around 22% of the total stolen sum) ended up on its servers.

“Due to really hard work of the whole team and sleepless night we managed to block almost all the funds.”

Now, Exmo is waiting for Bithumb to send an official inquiry to its British address so that the exchange can transfer the stolen assets back in accordance with the local law and GDPR-compliance processes. “We are in touch with Bithumb, they are doing all the necessary legal procedures right now,” Stankevich told Cointelegraph.

Huobi, which reportedly received 263,605 EOS (around 8.7%) of the stolen funds, also verified to Cointelegraph that its security team detected and subsequently froze the assets related to “the blacklisted account(s).”

ChangeNow has published a blog post confirming that “part of the funds worth more than half a million USD worth of EOS and XRP” were sent to its wallets. Soon after receiving a message from Bithumb about the ongoing hack, ChangeNow temporarily disabled EOS and XRP deposits, and blacklisted all the malicious addresses received from Bithumb. Pauline Shangett, the marketing and PR manager at ChangeNow, told Cointelegraph:

“We have been contacted by Bithumb representatives with regards to getting the funds returned to them, and their case is being processed in close collaboration with them and the Korean police. To our knowledge, the investigation is still ongoing.”

Changelly’s chief security officer, Sophia Lee, informed Cointelegraph that, as per its recent blog entry, $480,000 in EOS and $76,000 in XRP funds have been frozen until further investigation:

“Unfortunately, we’re not in the capacity to make any comments about our communication with the Korean police at a time. Currently, we’re finalizing the report with data about transactions, so there is no public statement just yet.”

KuCoin and CoinSwitch have also confirmed to Cointelegraph that they detected some of the embezzled assets funds in their wallets. Jing Cheung of KuCoin wrote via email:

“We have frozen the suspicious accounts per Bithumb's and Korean police's requests. We are now waiting for the instructions from Korean police regarding how could we return these digital assets.”

The CoinSwitch team told Cointelegraph that, although they run a noncustodial service that holds user funds only during the time of exchange, they were able to freeze some of the assets associated with the hack.

Cointelegraph has also reached out to Binance for further comment, but they declined to comment.

The account that was used to steal EOS from Bithumb is still live, according to data obtained from Eosq. Although the majority of the embezzled assets have been transferred to other addresses, some people seem to be sending dust transactions to the account in order to ask for the money via the comment section.

It is still unclear whether or not it was an insider job

As mentioned above, Bithumb was quick to argue that the security breach was performed by insiders. That raised suspicion among some Reddit users, who suggested that it was a damage-control tactic for the exchange, which experienced an even larger hack in June 2018. Redditor u/suibhnesuibhne wrote:

“Better to say an inside job after their last hack.”

Moreover, according to recent reports from local media, the Cyber ​​Investigation Department of South Korea’s National Police Agency has seized an external server as part of the investigation held at Bithumb’s office after discovering that it could have been involved in the attack. A police representative also told the newspaper that, regardless of whether the attack was performed from the inside or outside, it appears to be difficult to track the fraudsters, as they used multiple ways to cover their trail.

Bithumb gets hacked among other bad news, but receives $200 million in investments

The security breach happened against the backdrop of other bad news for Bithumb. First, in March, reports emerged suggesting that the company was cutting up to 50% of its workforce. Specifically, it was reported that Bithumb was reducing its staff from 310 to around 150.

“Voluntary retirement is part of our support program for former employees and is intended to provide assistance and training for job placement. Apart from that, [Bithumb’s] trading volume has decreased compared to the previous year, [so] we are trying to provide internal measures. We will continue to add necessary personnel for various new businesses,” according to an unnamed Bithumb official at the time.

Then, in April, local daily news outlet The Korea Times reported that Bithumb had a net loss of 205 billion won ($180 million) in 2018 due to the prevailing bear market. Citing data from the exchange’s operator, BTCKorea.com, the newspaper revealed that South Korea’s largest exchange experienced extensive losses despite its sales growing 17.5% compared to 2017.

Nevertheless, earlier this week, the Blockchain Exchange Alliance (BXA), which became Bithumb’s parent company after acquiring a controlling share in BitHumb Holdings in January, secured $200 million in funding from Japan’s ST Blockchain Fund. As Cointelegraph Japan wrote, the money will allow BXA to expand the international side of Bithumb and roll out new trading pairs.

Tags
Xrp
Eos
Related Posts
Round-Up of Crypto Exchange Hacks So Far in 2019 — How Can They Be Stopped?
This article was updated to reflect that Bitrue has now acknowledged the hack of its platform. Throughout the past six months, seven crypto exchanges have reportedly seen large-scale hacking attacks to the tune of tens of millions of dollars, with the most recent platform to suffer a security breach being GateHub. As the global crypto exchange market continues to see an increasing number of security breaches leading to the loss of user funds, investors may become reluctant to rely on centralized exchanges to store funds. Bitrue hack The month of June was characterized by two unfortunate cryptocurrency thefts. On June …
Bitcoin / June 18, 2019
Police summon Bithumb chairman for questioning over alleged fraud
The drama over alleged fraud involving Bithumb’s senior executives continues as the company’s chairman has reportedly been summoned for interrogation. The Seoul Metropolitan Police Agency is purportedly seeking to question Lee Jung-hoon, chairman of board at Bithumb Korea and Bithumb Holdings, according to a Sept. 18 report by South Korea’s state-run news agency Yonhap. As reported, Lee is allegedly accused of multiple fraud and embezzlement offenses regarding the failed listing of the BXA token. The purported fraud caused investor damages of up to 30 billion won ($25 million), the report notes. The police are also reportedly looking to question Lee …
Regulation / Sept. 18, 2020
Bithumb Announces External Audit Results in Wake of $13 Million Hack
South Korean cryptocurrency exchange Bithumb has conducted a professional external audit of its funds after a major hack last month, the company confirmed in a statement on April 11. Bithumb, South Korea’s largest exchange, lost around 14 billion won ($13 million) two weeks ago in an event executives believe was masterminded by an insider. Now, Bithumb has used a third party to assess its reserves, repeating its previous assurances that customer funds remained safe in cold storage wallets. The 14 billion of hacked EOS (EOS) tokens, a previous statement said, represented company-only funds. All remaining funds in its hot wallet …
Bitcoin / April 11, 2019
Bitcoin Dips Below $7,500 аs Crypto Markets See Second Day of Losses
August 1: Crypto assets have seen a second day of losses, with Bitcoin (BTC) now well below the $8,000 psychological price point and most of the major crypto assets in the red, according to data from Coin360. Market visualization from Coin360 Bitcoin (BTC) is trading around $7,490 to press time, having lost almost 3 percent on the day. Since the coin’s July 25 peak at $8,431, the leading cryptocurrency dipped down below $8,000 yesterday for the third time this week. The coin saw another sharp drop this morning, before trading sideways. Bitcoin’s 7-day price chart. Source: Cointelegraph Bitcoin Price Index …
Bitcoin / Aug. 1, 2018
Crypto Markets Fall Further Amidst Week of FUD From Asian Sector
The crypto markets are continuing to take a tumble today, June 23, following slew of FUD-like news from the crypto sector in South Korea and Japan. Market visualization from Coin360 Leading South Korean exchange Bithumb was hacked for $30 million, and Japan’s financial regulator FSA has apparently renewed their crackdown on cryptocurrency exchanges after sending out six more business improvement notices this week. Bitcoin (BTC) is edging closer to $6,000, trading for around $6,105 at press time, down less than 1 percent over a 24 hour period. Bitcoin price chart. Source: Cointelegraph Bitcoin Price Index Ethereum (ETH) is slightly down, …
Ethereum / June 23, 2018