Bithumb gave users another reason not to leave funds on their exchange yesterday as reports emerged that they have been hacked again, to the tune of approximately $18.5 million. The hack, which saw EOS (three million) and XRP (twenty million) tokens stolen, comes nine months after $30 million worth of tokens were stolen in June 2018, although the source of this hack is said to have come through “internal embezzlement” rather than an external hacker.
BREAKING ???
Bithumb is being hacked, at its EOS cold storage level!!! Over 3million EOS has been transferred out ???
Detail to be reported, confirmed by security firm who’s auditing for Bithumb
— Dovey Wan ? (@DoveyWan) March 30, 2019
Inside Job Suspected
Bithumb halted deposits and withdrawals on March 29 without giving any further information, although Twitter users didn’t take long to suspect that something was amiss. Some eighteen hours later, user @DoveryWan raised the alarm, alleging that the EOS private key had been stolen and the hot wallet funds transferred out to various exchanges and swap platforms, including Huobi, KuCoin, Changelly, and ChangeNow. Shortly afterwards, Bithumb released a post explaining what had happened, stating that their abnormal trading monitoring system had flagged up some unusual behavior and that they had suspended deposits and withdrawals as a result, but not before millions of dollars’ worth of EOS and XRP had been sent out of hot wallets. Bithumb added that an “internal inspection” concluded that “insiders” had been at the heart of the theft, with some in the crypto community suggesting that Bithumb’s recent redundancies may have stirred enough ill will to carry out the theft as an act of vengeance.
User Funds Not at Risk
@DoveyWan was also able to track the route of the stolen funds, while Bithumb itself has stated that it expects to recover them. This isn’t an empty promise – the 2018 hack saw almost half the $30 million worth of stolen tokens recovered, so there is a good chance it could get more back given recent improvements in blockchain technology. Changelly have announced that they have been able to freeze 243,000 XRP ($76,000) and 114,000 EOS ($479,000) tokens, although this task was made more difficult given that the stolen funds were sent to the exchange in up to 52 different transactions. If this is indeed an insider job then questions should be raised about the caliber of staff that Bithumb is hiring, as well as the ease with which they can steal the exchange’s funds. Thankfully on this occasion user funds were not in danger, but nevertheless it is yet another example of poor security in an ecosystem that wants to rival top financial markets.
What do you think? Will Bithumb recover from this latest hack, or will it prove to be too much for users to stomach and move their trading elsewhere? Let us know in the comments below.
