Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don’t)

Share

Coindesk | Wolfie Zhao | June 20, 2018

On Wednesday, roughly 35 billion Korean won (around $31 million) in cryptocurrency was stolen by hackers from the South Korea-based exchange Bithumb.

Although the breach may not be as severe as the $530 million hack of the Coincheck exchange earlier this year, the fact that Bithumb now ranks as the sixth biggest trading venue in the world still marks it as a notable, and worrying, incident.

While more details about the heist have surfaced in the hours following the event's confirmation, providing a glimpse into Bithumb's internal operations, some important questions about the hack still remain unanswered.

Here's what we know about the hack so far, and some details we still don't.

What we know

XRP compromised

While Bithumb has not yet disclosed full details of the stolen coins, news emerged following the hack that XRP, the native token of the XRP ledger and the world's third-largest cryptocurrency, has been targeted, according to a report from CoinDesk Korea.

Based on data from CoinMarketCap, Bithumb accounted for 10 percent of the global trading volume of XRP over the last 24 hours, with a total of $32 million-worth changing hands.

Bithumb has so far not responded to CoinDesk's request for comment.

IT improvement failed

While Bithumb officially confirmed the breach early Wednesday morning local time, it appears that security issues were already drawing attention from the exchange at least several days ago.

According to a follow-up report from CoinDesk Korea, Bithumb conducted a security enhancement checkup on June 16, just days before the confirmed hack.

The exchange explained at the time:

"Recently, the number of unauthorized access attempts has increased. As such, an urgent server checkup was conducted to strengthen the security of all system."

At the same time, Bithumb also started moving users' assets to a cold wallet to store cryptocurrencies in a more secure offline environment.

The CoinDesk Korea report indicated that the hack comes at a time when Bithumb is spending 10 billion won, or around $9 million dollars annually on security measures. Another report from Yonhap further suggests that Bithumb beefed up its security measures by implementing so-called "5.5.7 regulations" last month.

Under this requirement, at least 5 percent of a financial institution's staff should be IT specialists. Among those, 5 percent should focus on information security, while at least 7 percent of the firm's total budget should be on information security.

See:  The growing cost of cybersecurity

The report from Yonhap stated that 21 percent of Bithumb's employees are technology specialists as of May, and 10 percent of those are responsible for information security. Further, about eight percent of the annual spending budget is used for data protection activities.

Although Bithumb appears to have fulfilled the 5.5.7 requirements, the report said the fact that it has 300 employees means it may not be able to cope with the increasing amount of trading volume and user numbers on its platform.

Government weighs in

An hour before Bithumb confirmed the hack on its website and official Twitter account, the exchange reported the case to the Korea Internet & Security Agency (KISA), a government organization that supervises internet and cybersecurity issues in the country.

An official from KISA said a dedicated analysis team is currently in the process of investigation the hack. As of press time, the agency has not yet disclosed any details from its investigation so far.

Bithumb to refund users

Immediately after announcing the hack, Bithumb confirmed it will pay back victims using its own reserves.

Industry experts later weighed in, including bitcoin pioneer Charlie Shrem, who praised the move despite the unwelcome incident.

"Bithumb hacked for $30 million but covering all losses. Out industry is getting better and stronger," he tweeted.

In addition, litecoin creator Charlie Lee also commented that he believes the smart move is to "keep on exchange coins that you are actively trading. It's best to withdraw right after trading."

This is not the first time that Bithumb was reportedly hacked. As previously reported by CoinDesk, the platform was compromised last year with as many as 30,000 users impacted.

At that time, Bithumb later announced that it would repay each victim with 100,000 Korean won each, an amount worth about $85.

Bitcoin price dips by $200 

According to data from CoinDesk, the price of bitcoin dropped by nearly $200 to a daily low so far of $6,561 an hour after Bithumb initially published the statement. As of press time, the price had bounced back to $6,640.

In addition, as Bithumb has so far only suspended asset deposits and withdrawals, trading activity on the exchange actually appears to be increasing since the news broke. Based on data from CoinMarketCap, 24-hour trading volume was initially seen at around $350 million at the time of the news and later climbed to $380 million around noon local time on Wednesday.

Check out:  Prices Aside, Crypto’s Tech Stack Is Steadily Improving

As of press time, Bithumb still remains the sixth largest platform globally.

What we don't know

Extent of the breach

It appears that XRP is one of the assets stolen in the hack, yet it's still unclear at the moment if other assets have been taken and in what quantities. In addition, it's also not clear the number of users on Bithumb that have been impacted.

In its announcement, Bithumb refrained disclosing these details, adding that it may disclose the hacked tokens today. It has not made any statement on that at press time.

Further, it's not publicly known at this time which wallet addresses the hacked cryptocurrencies have been sent to, or whether any have been liquidated or not.

Currently, there are over 37 cryptocurrency assets on Bithumb that are available for trading against the Korean won. Among them, EOS and TRON together account for over half of the total trading volume on Bithumb, at 31 and 22 percent, respectively.

Continue to the full article --> here

 

 

Bloomberg | By Michael Patterson and Andrea Tan | Jul 16, 2018 It might be the definitive sign that cryptocurrencies have arrived on Wall Street. CFA Institute, whose grueling three-level program has helped train more than 150,000 financial professionals, is adding topics on cryptocurrencies and blockchain to its Level I and II curriculums for the first time next year. Material for the 2019 exams will be released in August, giving candidates their first opportunity to start logging a recommended 300 hours of study time. CFA added the topics, part of a new reading called Fintech in Investment Management, after industry participants showed surging interest in surveys and focus groups. The worlds of finance and crypto have become increasingly intertwined after last year’s Bitcoin boom, with regulated futures now trading in Chicago, blue-chip firms like Goldman Sachs Group Inc. dabbling in digital assets, and scores of Wall Streeters joining crypto-related startups. More:  Traders With Pockets Full of Crypto Quit Wall Street While digital coins have tumbled in 2018 and the real-world impact of blockchain ventures has thus far been limited, some observers say the technology could ultimately transform swathes of the global financial system. “We saw the field advancing more quickly ...
Read More
‘This Is Not a Passing Fad’: CFA Exam Adds Crypto, Blockchain Topics
Oracle Times | Andreas Townsend | Jul 9, 2018 The crypto world and the technology behind it are still intriguing for traders and investors as well from all over the world. A token burn is a common occurrence, and some crypto companies may decide to burn some of their tokens from the circulating supply for more reasons. This is known as coin burning, and it has been conducted by various token developers as a tool to increase demand. Binance coin burning is approaching Binance is on the verge of its quarterly coin buyback and burn of its Ethereum-based token Binance Coin (BNB). The company’s whitepaper explained how the coin burn works and states that “every quarter, we will use 20% of our profits to buy back BNB and destroy them until we buy 50% of all the BNB (100MM) back. All buy-back transactions will be announced on the blockchain. We eventually will destroy 100MM BNB, leaving 100MM BNB remaining.” The structure will make the coin more attractive to investors Binance has initially created 200 million BNB, and they promised that no more coins will be generated ever again. This structure is designed to make the coin more attractive to investors ...
Read More
Binance Coin Burn Is Around The Corner – How The Coin Burn Works
North American Clean Energy | Jul 15, 2018 Blockchain is coming to the energy world and its impact will be massive. It will accelerate the transition to renewables and give us real and immediate ways to combat global warming, incentivize the production of renewable energy, and replace fossil fuels. What is blockchain? If you’ve heard of Bitcoin, blockchain is the technology that powers it. Blockchain allows data to be recorded on a distributed ledger in a way that cannot be changed. Why does it matter? The key benefit of blockchain as a technology is that it enables parties that do not know each other or trust each other to do business together and still feel secure.  Applications running on the blockchain can take advantage of smart contracts that trigger certain events (for example, payment) when particular milestones are met – so long as some form of proof is presented that a particular milestone has been met. More:  Blockchain has the potential to do amazing things, but it needs a reboot Together, blockchain as a technology, and the advent of smart contracts running on it, have the potential to change everything, much the same way that internet technology changed everything in the ...
Read More
Blockchain and the Future of Energy
BNN Bloomberg | Nisha Gopalan and Andy Mukherjee | Jul 14, 2018 (Bloomberg Opinion) -- Can’t code, or speak Bahasa? Didn’t go to school with a CEO’s son or daughter? A robot will take your trading seat. Read on if you want to save your job. The threat from automation is in the flows part of banks’ global markets business, the most important chunk of the biggest division of investment banking. Investment banks garner 70 percent of their revenue from global markets, made up of trading stocks and bonds, as well as structuring derivatives products and financing; the remaining 30 percent comes from advisory services like shepherding M&As or helping companies raise equity and debt. The higher-margin areas within markets — from structuring to swaps — is relationship-oriented, and therefore (relatively) safe from robot overlords. And it happens to be a big contributor to the 70 percent pie, especially in Asia, where commissions on equities and fixed-income trades are sinking fast, and language and client connections play a big role. Good news? Read on. With the flows business comprising 51 percent of banks’ global markets revenue of $109.8 billion last year, according to Coalition data, automation of even vanilla trades is no small threat. Besides, the 30 percent ...
Read More
Lifehacks for When a Robot Wants Your Job
Crowdfund Insider | Cali Haan | Jul 9, 2018 The Ontario Securities Commission (OSC) published its 2018-2019 “Statement of Priorities” June 5th, but the document provides zero helpful guidance to Ontario companies trying to engage with cutting-edge blockchain-based financial technologies, says Toronto-based blockchain lawyer Amy ter Haar. The “OSC…Statement of Priorities for the Financial Year to End March 31, 2019” restates the commission’s ongoing commitment to investor protection, reduction of regulatory burden and the enhancement of staffing diversity. But according to ter Haar, when it comes to areas like ICOs (Initial Coin Offerings), “tokenized securities” and blockchain for fintech, the agency is painfully vague. “The entire investment community is looking to the OSC and CSA for guidance around blockchain and cryptocurrencies and it is disappointing that this hasn’t been highlighted as a priority,” wrote a frustrated Ter Haar via LinkedIN. While it is clear from the “Statement of Priorities” that the OSC has many concerns in its purview, the document’s reliance on fuzzy platitudes regarding Fintech suggests sluggishness at commission and the downright neglect of a growth industry supercharging across the globe: “There are two sides to industry health. Investor protection is just one side of it…However we categorize cryptocurrencies ...
Read More
Ontario Securities Commission “Doesn’t Really Know What’s Going On” in Blockchain Fintech, Says Lawyer
About NCFA Canada | C. Asano | July 9, 2018 TORONTO, JUL 9, 2018 – The National Crowdfunding & Fintech Association of Canada (NCFA) today announced that Charlene Cieslik, Chief Anti-Money Laundering Officer (CAMLO) of Coinsquare, has joined the Association`s growing Advisory Group to advise on the areas Compliance and Anti-Money Laundering (view). Charlene Cieslik is the Chief Anti Money Laundering Officer of Coinsquare, Canada's most secure digital asset exchange for buying bitcoin, ethereum, and other digital currencies.  During her 20-year career, Charlene has held roles as the Chief Compliance Officer, Chief Anti-Money Laundering Officer, Chief Anti-Bribery Officer, and Chief Privacy Officer at several Canadian and Foreign scheduled banks, where she was responsible for the development, remediation, and execution of AML/ATF, anti-bribery, regulatory, and privacy programs. Charlene has worked with several “Big 4” accounting firms and a Canadian fintech company, where she has assisted global financial institutions with AML/ATF program development, particularly with post-regulatory exam remediation and AML/ATF investigations. Charlene holds a Master’s degree in Criminology from the University of Toronto, is a Certified Anti-Money Laundering Specialist, and was an original founder of the Toronto ACAMS Chapter.  She has lectured as a Professor at Seneca College and currently teaches in ...
Read More
Charlene Cieslik, Chief Anti-Money Laundering Officer of Coinsquare, Joins the National Crowdfunding & Fintech Association of Canada’s Advisory Group
Crowdfund Insider | JD Alois | Jul 2, 2018 In a significant policy move by the UK government, the threshold for investment crowdfunding has been upped to €8 million thus matching the recent change by Germany which announced the same funding limit. This increase is due to a change in the Prospectus Directive. In the UK, there is no limit on how much a crowdfunding platform may raise online. But a rule requiring a full blown prospectus at €5 million has, in effect, created a significant speed bump for investment crowdfunding platforms – one that has rarely been breached due to the cost of creating and complying with a prospectus requirement. The change announced today, should have an important impact on UK crowdfunding platforms as it will help make the online capital formation industry far more viable as issuers seek larger funding amounts raised via the issuance of securities online. In the early days of UK crowdfunding most issuers raised smaller seed round amounts. Today, issuers span a far wider range of funding requirements from seed stage to scale up. Frequently, these offerings are done in partnership with professional investors such as VCs or experienced angels. See:  Competition Bureau weighs in on ...
Read More
UK Government Ups Crowdfunding without Prospectus to €8 Million – Matching Germany
Betakit | By Amira Zubairi | Jul 4, 2018 Several Canadian FinTechs have made announcements on the growth of their companies, launching new features and partnerships. Here’s the latest on these company updates. Skrumble Network raises $19.96 million Toronto-based Skrumble Network, which aims to create secure connections for communication, raised $19.96 million ($15 million USD) through its token crowd-sale. Skrumble Network said it raised the funding for its communication-centric blockchain network that will provide developers the infrastructure to build messaging apps. The company wants to help developers build messaging apps that feature secure connections, real-time voice and video calling, wallet integrations for in-context money transfers, and the ability to edit, save, and unsend messages. Skrumble Network said its broader goal is to address data privacy concerns and allow users to take back ownership of their personal data. The company uses a consensus-based algorithm derived from unique session IDs, which enable private peer-to-peer connections. “Social media has completely changed the face of communication, and now, data privacy and ownership is one of the biggest concerns of this time. 2.2 billion users around the world have trusted Facebook with their information; 87 million of those users received a wake-up call…when they got ...
Read More
Today in FinTech: Skrumble Network raises $19 million CAD in ICO, Goldmoney partners with Malbex Resources
SmartCompany | Dominic Powell | Jul 2, 2018 A raft of Australian fintechs have signed a newly minted code of practice to improve transparency and bolster confidence in the small business lending space. Released on Friday, the code was formulated and backed by Australia’s Small Business Ombudsman Kate Carnell, the Australian Finance Industry Association (AFIA), FinTech Australia, and lending advisory and SME advocate thebankdoctor.org, operated by Neil Slonim. Leading small business lending fintechs Capify, GetCapital, Moula, OnDeck, Prospa and Spotcap were all signatories to the code, which will require them to comply with a series of best practice principles when dealing with SME customers. Alongside pledging to meet all current legal and regulatory requirements for small business lending, the signatories have also agreed to introduce an easy to understand loan summary and contribute to a price comparison document being produced by the code’s organisers. See:  Peer-to-peer lending will help small businesses stay afloat This document will simply lay out all costs and fees associated with the fintech’s loans, including the total repayment amount, annual percentage rate, and the simple annual interest rate. Failure to comply with the code will see the offending fintech lender subject to an independent Code Compliance ...
Read More
Six Aussie fintech lenders sign on to code of practice to help SMEs get better loans
WiredGov UK | FCA | Jun 28, 2018 The Financial Conduct Authority (FCA) yesterday published an update on its Strategic Review of Retail Banking Business Models. The Review is an in-depth and wide-ranging piece of work to give the FCA a greater understanding of retail banks’ business models, and how these may change in the future. This includes looking at how personal current accounts (PCAs) are paid for, the possible impact of technological and regulatory developments such as Open Banking and changes to payment services due to the revised Payment Services Directive (PSD2). It sets out the progress made on the analysis of the issues and planned next steps. See:  New matchmaking service for small businesses looking for finance The review is also critical to the FCA’s work on overdrafts. The FCA has already expressed concerns that some potentially vulnerable people are paying significantly more for their current accounts through unarranged overdraft charges and fees. In May this year, the FCA proposed a set of potential changes on overdrafts for discussion as part of its high cost credit work and will consult on any changes later this year. The review shows that most current account customers contribute to their bank’s profits, but ...
Read More
FCA publishes update on wide-ranging review of retail banking sector

 


The National Crowdfunding & Fintech Association of Canada (NCFA Canada) is a cross-Canada non-profit actively engaged with cryptocurrency, blockchain, crowdfunding, alternative finance, fintech, P2P, ICO, and online investing stakeholders globally. NCFA Canada provides education, research, industry stewardship, services, and networking opportunities to thousands of members and subscribers and works closely with industry, government, academia, community and eco-system partners and affiliates to create a strong and vibrant crowdfunding and fintech industry. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Share