User data stolen from major cryptocurrency exchange.
Hackers have managed to steal user data and money from Bithumb, one of the world’s biggest Bitcoin and Ethereum cryptocurrency exchanges, the company has announced.
According to Bithumb, the company’s internal network and core servers were themselves not attacked. Instead it appears that the hackers manged to steal a database of user information from the personal computer of a Bithumb employee.
PC, not server
In a statement Bithumb said “The employee PC, not the head office server, was hacked. Personal information such as mobile phone and email address of some users were leaked. However, some customers were found to have been stolen from because of the disposable password used in electronic financial transactions.”
Bithumb is South Korea’s top cryptocurrency exchange, and the global leader for the trade of Ether, a ‘competitor’ cryptocurrency of Bitcoin associated with the Ethereum computing network. As a direct result of the data breach, Bithumb activity spiked in the following days to become the number one trader globally, as trading activity increased. The company believes that the personal details of more than 30,000 of its customers, (around 3%) were stolen as a result.
A notice posted to the company’s ‘cafe’ stated categorically that the stolen data did not contain passwords. But it now appears that dozens of customers have reported receiving follow-up scam calls. The stolen data has allegedly been subsequently used to fool Bithumb users into letting thieves steal funds directly from their accounts, conning them into sharing their account authentication codes.
Bitumen has already promised to compensate affected users. The exchange said it would also compensate people for additional losses related to the attacks.
“For those who have suffered additional damage due to this incident, as soon as the amount of damages is confirmed, we will reimburse the entire amount of damages.” (On this particular point, I am trusting that Google translate has rendered Bithumb’s words correctly: What can I say, I don’t speak the language. I have been led to believe however, that one cannot say they have lived, until they have experienced Shakespeare’s Macbeth performed entirely in Korean. True story.)
Like Bitcoin, Ethereum and other cryptocurrencies are, as of yet not regulated in South Korea. Efforts by Korea’s financial authorities have struggled in recent times to adapt to the virtual currencies despite their rapid rise in value and the number of people mining and trading the currencies.
Bithumb is just the latest cryptocurrency exchange in recent months. Yapizon, another South Korean cryptocurrency exchange was successfully hacked by attackers in May, accumulating losses of almost 4,000 Bitcoin, which at the time was valued at around US$5.5 million.
As a total aside, when I first started writing professionally, one of my first clients said they could pay me in Bitcoin. I said no I would prefer real money. Had I accepted, I would currently have no mortgage. I am reminded of this fact every time I mention Bitcoin in a story.