Cryptocurrency Exchange Bithumb Hacked, $19 Million Stolen
Bithumb, a prominent cryptocurrency exchange headquartered in South Korea, has confirmed that hackers accessed its systems and siphoned off nearly $19 million in digital assets. The breach, acknowledged by the company yesterday, underscores ongoing vulnerabilities faced by cryptocurrency platforms, despite advancements in security protocols.
The attack, first reported by Dovey Wan of Primitive Ventures on social media, involved the compromise of Bithumb’s hot wallets for EOS and XRP. Approximately 3 million EOS, valued at around $13 million, and about 20 million XRP, worth approximately $6 million, were transferred to the attackers’ newly created accounts. This theft illuminates the risks associated with hot wallets, which are regularly connected to the internet and thus more susceptible to cyber intrusions.
Following the initial theft, the hackers proceeded to launder the stolen assets through various cryptocurrency exchanges, including Huobi and EXmo, utilizing ChangeNow—a non-custodial crypto swap platform that sidesteps traditional verification protocols. This tactic exemplifies the operational techniques employed by cybercriminals to obscure the origins of illicit funds.
The recent hack is not Bithumb’s first encounter with cyber threats. The exchange faced previous breaches in June 2018 and July 2017, resulting in losses of $31 million and $1 million, respectively. Wan noted the startling recurrence of such security incidents: “This is the second time Bithumb saw a MAJOR hack, last time it lost over $30 million; yet it still managed to acquire a fiat license from Korea.”
Reports indicate that the attackers gained access to the EOS hot wallet by obtaining its private key, which allowed for the transfer of funds to targeted accounts. An illustration shared by Changpeng Zhao, CEO of Binance, highlights the methodical approach the hackers took to redistribute the stolen cryptocurrency.
Bithumb has initiated an investigation and suspects that insider assistance may have facilitated the breach. The company has formally reported the incident to the Korea Internet and Security Agency (KISA) and local cyber police to expedite its inquiry. In its public statement, Bithumb expressed regret for the disruption to deposit and withdrawal services, emphasizing that the investigation thus far has not identified any external intrusion pathways, which raises concerns regarding internal security protocols.
The exchange is currently collaborating with other major cryptocurrency platforms and foundations in an effort to recover the lost funds. In a previous incident where Bithumb lost $30 million in EOS, the company successfully retrieved about half of the assets. The question remains whether it can replicate this success amidst heightened scrutiny and potential regulatory fallout.
Mapping this incident to the MITRE ATT&CK framework can offer insight into the techniques the attackers likely employed. Tactics such as initial access, which may involve exploiting weak points in security, and lateral movement techniques that abuse established trust to gain broader access within the organization could have played significant roles in how this breach was orchestrated.
As the cryptocurrency landscape continues to evolve, incidents like this serve as a stark reminder of the cybersecurity challenges that accompany rapid technological advancements. They highlight the critical need for robust security measures within organizations that handle digital assets, as threats become increasingly sophisticated.