Bithumb was hacked for the in less than a year as attackers managed to steal 3 million coins and 20 million XRP. The subsequent laundering of the $21 million dollar haul was then tracked in real time by a twitter analyst, as the hacker swapped the tainted coins for other on non-KYC exchanges.
Bithumb hacked again: 3 million EOS gone!
The broke late on Saturday morning (UST) as crypto entrepreneur and analyst Dovey Wan apparently coming from a security firm who were auditing for Bithumb.
The attack was at first feared to have struck the ’s exchange’s cold . However it was later confirmed that it was an online ‘’ that had been hacked. As Wan stated, this is the second time in less than a year that Bithumb has fallen prey to the same trap:
“And this is the second time Bithumb saw a MAJOR hack, last time it’s hacked with a loss over $30m.. lol and after the first hack it was STILL able to get the fiat license from Korea and WTF??”
As more filtered through it was revealed that the was on the move via the non-custodial, non-KYC exchange ChangeNow. Dovey Wan posted this screenshot of substantial sums of passing through ChangeNow’s transaction logs.
It gets worse: 20 million XRP hacked
It was then revealed that XRP had also been stolen in the attack, with 20 million coins leaving the hot along with the . The stolen XRP funds equated to around $6 million. Wan the XRP address on the hot that had been hit:
“XRP hacked address – rLaHMvsPnPbiNQSjAgY8Tf8953jxQo4vnu stolen 20,000,000 xrp (worth $6,000,00)”
By this point Bithumb had started to move all the remaining funds from the hot into the cold . The stolen coins meanwhile were being laundered through an intricate web of back-and-forth transactions between multiple exchanges and addresses, as seen below.
The attacker’s address can be (note the number of inbound transactions from people begging for money). By a few hours after the attack, the stolen coins had been tracked as far as the following exchanges.
Bithumb apologizes, suggests an ‘accident involving insiders’
The official account sparked into action this morning to remind users that they’re funds were safe.
“We deeply apologize to our members for delaying the deposit and withdrawal service, we would like to inform you of the circumstances of the grounds and confirm that your assets are safe.”
In the accompanying blog, the exchange operator appeared to confirm that the theft had involved people working at Bithumb. From :
“As a result of the internal inspection, it is judged that the incident is an ‘accident involving insiders’. Based on the facts, we are conducting intensive investigations with KISA, Cyber Police Agency and security companies.”
Bithumb says it ‘expects to recover’ the stolen funds, and that from now on it would be applying the same rigour to its internal security as it had its external:
“We constantly monitor and block external hacking. However, it was our fault that we only focused on defense of outside attack and lack of verification of internal staff.”
Published at Sat, 30 Mar 2019 12:07:48 +0000
