Embezzlement Leads to $26 Million Loss and Bankruptcy of Coinbin Exchange

Summary

South Korean cryptocurrency exchange Coinbin, which took over the previously hacked exchange Youbit, filed for bankruptcy on February 20, 2019, following embezzlement by an employee. The employee, previously the CEO of Youbit and responsible for cryptocurrency balances at Coinbin, was accused of neglecting his duties and embezzling funds. Specifically, he allegedly appropriated the key to an Ethereum wallet and claimed the cryptographic key had been lost. In addition to these events, Youbit was previously hacked twice: in April and December 2017, losing around 4,000 Bitcoin and $35 million, respectively. Following the December attack, Youbit filed for bankruptcy, but later controversially re-emerged as Coinbin. Youbit’s parent company, Yapian Corp, took out an insurance policy just 20 days before filing for bankruptcy, leading to allegations of insurance fraud.

Attackers

The insider attacker was an employee of Coinbin, previously the CEO of Youbit. External attacks on Youbit were likely initiated by North Korean hackers via phishing messages, a method they commonly use, particularly against South Korean cryptocurrency custodians.

Losses

  • Yapizon Hack, April 2017: 3,816 Bitcoin worth $4.7 million
  • Youbit Hack, December 2017: $35 million
  • Coinbin Embezzlement, February 2019: 29.3 billion won worth $26 million

Timeline

  • April 22, 2017: Youbit, known as Yapizon at the time, was hacked through a wallet compromise, with 3,816 Bitcoin stolen.
  • September 2017: FireEye, a security research firm, published a research blog post stating that the Yapizon hack was likely initiated by North Korean hackers.
  • December 1, 2017: Yapian Corp took out an insurance policy with DB Insurance.
  • December 18, 2017, 07:35 PM UTC: Youbit was hacked, lost the equivalent of $35 million USD, and filed for bankruptcy.
  • March 28, 2018: Yapian’s press release revealed that DB Insurance denied the payout of $2.8 million:

    Youbit violated its obligation to notify (obligation to notify before contracting) and decided not to pay insurance money.

  • March 21, 2018: Rights, information, and assets from Youbit transferred to Coinbin.
  • February 20, 2019: Coinbin’s CEO, Park Chan-kyu, announces bankruptcy following embezzlement by an employee.

Security Failure Causes

  • Insider fraud / Insufficient access control mechanisms: Youbit’s former CEO had unrestricted access to the necessary cryptographic keys.
  • Wallet Compromise: The loss was also tied to previous incidents of wallet compromises, notably the attacks on Youbit.
  • Phishing Attack: The Yapizon hack is most likely the result of phishing.