Bithumb Hacked for $31 Million

Summary #

On June 20, 2018, Bithumb, a South Korean cryptocurrency exchange, was hacked for $31.5 million. The attacker gained access to one of the exchange’s hot wallets.

Attackers #

The identity of the attacker(s) is unknown.

Losses #

35 billion won ($31.5 million)

Timeline #

• June 20, 2018: Bithumb announced that 35,000,000,000 KRW worth cryptocurrencies have been stolen
• June 28, 2018: Bithamb announced that he managed to return part of the stolen funds and the actual amount of damage is 19 billion won ($17.1 million)

Security Failure Causes #

Bithumb has not officially announced what exactly allowed the hackers to access its system. Several possible reasons:

• Malicious actions of responsible employees: This may have been orchestrated by an individual within the exchange’s team possessing the necessary access permissions.
• Attack on web infrastructure: The attacker might have infiltrated the exchange’s hot wallet services by exploiting vulnerabilities in the web infrastructure.
• Social engineering attack: Through a concoction of phishing tactics, employing exploits, malware, and covert entry points, the culprits could have manipulated employees with access to secure their private keys.