2022 Fintech and Funding Conference (FFCON22: REGEN) | Dec 1 + Dec 6, 2022 Hybrid

Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don’t)

Coindesk | Wolfie Zhao | June 20, 2018

bithumb Korean exchange hacked - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)On Wednesday, roughly 35 billion Korean won (around $31 million) in cryptocurrency was stolen by hackers from the South Korea-based exchange Bithumb.

Although the breach may not be as severe as the $530 million hack of the Coincheck exchange earlier this year, the fact that Bithumb now ranks as the sixth biggest trading venue in the world still marks it as a notable, and worrying, incident.

While more details about the heist have surfaced in the hours following the event's confirmation, providing a glimpse into Bithumb's internal operations, some important questions about the hack still remain unanswered.

Here's what we know about the hack so far, and some details we still don't.

What we know

XRP compromised

While Bithumb has not yet disclosed full details of the stolen coins, news emerged following the hack that XRP, the native token of the XRP ledger and the world's third-largest cryptocurrency, has been targeted, according to a report from CoinDesk Korea.

Based on data from CoinMarketCap, Bithumb accounted for 10 percent of the global trading volume of XRP over the last 24 hours, with a total of $32 million-worth changing hands.

Bithumb has so far not responded to CoinDesk's request for comment.

IT improvement failed

While Bithumb officially confirmed the breach early Wednesday morning local time, it appears that security issues were already drawing attention from the exchange at least several days ago.

According to a follow-up report from CoinDesk Korea, Bithumb conducted a security enhancement checkup on June 16, just days before the confirmed hack.

The exchange explained at the time:

"Recently, the number of unauthorized access attempts has increased. As such, an urgent server checkup was conducted to strengthen the security of all system."

At the same time, Bithumb also started moving users' assets to a cold wallet to store cryptocurrencies in a more secure offline environment.

The CoinDesk Korea report indicated that the hack comes at a time when Bithumb is spending 10 billion won, or around $9 million dollars annually on security measures. Another report from Yonhap further suggests that Bithumb beefed up its security measures by implementing so-called "5.5.7 regulations" last month.

Under this requirement, at least 5 percent of a financial institution's staff should be IT specialists. Among those, 5 percent should focus on information security, while at least 7 percent of the firm's total budget should be on information security.

See:  The growing cost of cybersecurity

The report from Yonhap stated that 21 percent of Bithumb's employees are technology specialists as of May, and 10 percent of those are responsible for information security. Further, about eight percent of the annual spending budget is used for data protection activities.

Although Bithumb appears to have fulfilled the 5.5.7 requirements, the report said the fact that it has 300 employees means it may not be able to cope with the increasing amount of trading volume and user numbers on its platform.

Government weighs in

An hour before Bithumb confirmed the hack on its website and official Twitter account, the exchange reported the case to the Korea Internet & Security Agency (KISA), a government organization that supervises internet and cybersecurity issues in the country.

An official from KISA said a dedicated analysis team is currently in the process of investigation the hack. As of press time, the agency has not yet disclosed any details from its investigation so far.

Bithumb to refund users

Immediately after announcing the hack, Bithumb confirmed it will pay back victims using its own reserves.

Industry experts later weighed in, including bitcoin pioneer Charlie Shrem, who praised the move despite the unwelcome incident.

"Bithumb hacked for $30 million but covering all losses. Out industry is getting better and stronger," he tweeted.

In addition, litecoin creator Charlie Lee also commented that he believes the smart move is to "keep on exchange coins that you are actively trading. It's best to withdraw right after trading."

This is not the first time that Bithumb was reportedly hacked. As previously reported by CoinDesk, the platform was compromised last year with as many as 30,000 users impacted.

At that time, Bithumb later announced that it would repay each victim with 100,000 Korean won each, an amount worth about $85.

Bitcoin price dips by $200 

According to data from CoinDesk, the price of bitcoin dropped by nearly $200 to a daily low so far of $6,561 an hour after Bithumb initially published the statement. As of press time, the price had bounced back to $6,640.

In addition, as Bithumb has so far only suspended asset deposits and withdrawals, trading activity on the exchange actually appears to be increasing since the news broke. Based on data from CoinMarketCap, 24-hour trading volume was initially seen at around $350 million at the time of the news and later climbed to $380 million around noon local time on Wednesday.

Check out:  Prices Aside, Crypto’s Tech Stack Is Steadily Improving

As of press time, Bithumb still remains the sixth largest platform globally.

What we don't know

Extent of the breach

It appears that XRP is one of the assets stolen in the hack, yet it's still unclear at the moment if other assets have been taken and in what quantities. In addition, it's also not clear the number of users on Bithumb that have been impacted.

In its announcement, Bithumb refrained disclosing these details, adding that it may disclose the hacked tokens today. It has not made any statement on that at press time.

Further, it's not publicly known at this time which wallet addresses the hacked cryptocurrencies have been sent to, or whether any have been liquidated or not.

Currently, there are over 37 cryptocurrency assets on Bithumb that are available for trading against the Korean won. Among them, EOS and TRON together account for over half of the total trading volume on Bithumb, at 31 and 22 percent, respectively.

Continue to the full article --> here

 

latest news - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)

 

BankingDive | Anna Hrushka | Sep 23, 2022 Sen. Elizabeth Warren, D-MA, called the peer-to-peer payments network “unsafe,” claiming Zelle users were defrauded out of $500 million last year. “You have created a perfect weapon for criminals to use and they have used it and you have not stood behind your customers,” she told the witnesses, which included the CEOs of JPMorgan Chase, Bank of America, Wells Fargo, Citi, Truist, PNC and U.S. Bank. Zelle, a network designed to compete with P2P fintechs such as Venmo and Cash App, is owned by six of the seven banks represented at Thursday’s Senate Banking Committee hearing. Senate Democrats on Thursday pressed the CEOs of the nation’s largest retail banks to answer for scams associated with Zelle, a bank-owned peer-to-peer payments network, calling for the institutions to implement policies to protect and redress customers defrauded through the platform. See: Asset Managers, Banks Are Tightening Controls of Communication Tools like WhatsApp Some New Banking Rules Implemented to Protect Consumers in Canada In a joint letter sent to Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra in April, the Democratic lawmakers called on the regulator to expand the definition of “error payments” to include payments ...
Read More
Ms Warren at Zelle senate hearing - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)
TechCrunch | Anita Ramaswamy | Sep 20, 2022 Sardine announced it has raised $51.5 million in a Series B round led by Andreessen Horowitz’s (a16z) Growth Fund after closing $19.5 million for its Series A earlier this year.  “Faster instant payments mean faster fraud,” Sardine CEO and co-founder Soups Ranjan told TechCrunch. That’s the thesis behind his startup, which uses behavioral, financial and device-specific user data to detect fraud on behalf of its clients in the crypto and fintech industries. Growth: Sardine has grown considerably since it announced the Series A back in February, growing its roster of clients from ~50 to ~135 today, Ranjan said. Its customers include crypto exchanges FTX and Blockchain.com as well as fintechs with broader mandates such as Wealthsimple and Digit, he added. See:  Consumer Protection: Fintech Complaints Have Been Rising Differentiators: Sardine’s differentiation in the market as stemming from his team’s experience and the company’s focus on fintechs. Another major differentiator from competitors like Socure is its instant ACH and card onramp to crypto, which allows its customers to purchase over 30 different crypto assets instantly. Banks and card issuers typically use fraud detection algorithms for crypto that aren’t nearly granular enough.  Around half ...
Read More
Fishy transactions - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)
Clyde&Co | Sep 21, 2022 On June 29, 2022, the Quebec government presented the draft Regulation respecting confidentiality incidents (the “Quebec Regulation”). The Quebec Regulation specifies the content of the new notification and record-keeping requirements following the occurrence of a confidentiality incident. The regulation is set to enter into force on September 22, 2022, along with the first amendments to Quebec's Act respecting the protection of personal information in the private sector (the “Private Sector Act”), following the adoption of Bill 64,  An Act to modernize legislative provisions as regards the protection of personal information (“Bill 64”). See:  5 Billion Profiles: Class Action Lawsuit Accuses Oracle of Privacy Breach and “Global Surveillance” Bill 64 received assent on September 22, 2021, which marked the start of Quebec's transition into modernizing the rules that apply to the protection of personal information. We recently published an insight which provides an overview of the amendments that Bill 64 is bringing along for the next few years. What is a confidentiality incident? As amended by Bill 64, Section 3.6 of the Private Sector Act provides the following definition of a “confidentiality incident”: access not authorized by law to personal information; use not authorized by law ...
Read More
Quebec Draft regulation on confidentiailty incidents - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)
Investment Executive | Greg Meckbach | Sep 16, 2022 Open banking — available in Britain but not yet in Canada — is when a financial institution shares client account details (with consent) with a third party, without the client having to share their login name and password.   In 2021, a government-appointed advisory committee recommended that open banking be up and running by January 2023. In the committee’s proposed initial phase, third-party service providers (such as fintechs) should be able to read data from clients’ chequing and savings accounts, investments accounts, RRSPs, TFSAs and non-registered accounts that hold stocks, bonds, mutual funds and GICs, the committee said in its final report. Open banking should be mandatory for federally regulated banks and optional for provincially regulated institutions and “other entities,” the report added. Fee comparison:  Armed with such data, a third-party fintech could potentially tell a consumer how much they could save on fees, said Stephanie Holmes-Winton, CEO and founder of Halifax-based fintech CacheFlo Inc. Through open banking, a fintech could learn that a client has multiple accounts at different institutions with similar investments in them. The fintech could then compare the fees, Holmes-Winton said. See: Canada’s Open Banking Journey: Interview with ...
Read More
Fintech open banking - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)
The Defiant | Owen Fernau  | Sep 22, 2022 Agency Alleges Ooki DAO Offered Derivatives Without a License In a case that has roiled the crypto community and triggered a dissent from one its own officials, the U.S. Commodity Futures Trading Commission (CFTC) brought an enforcement action yesterday that challenges fundamental tenets of decentralized finance. On Sept. 22, the regulator alleged in a lawsuit that a DAO called Ooki DAO engaged in activities that only regulated entities called futures commission merchants (FCM) can perform. The DAO illegally offered leveraged and marginal retail commodity transactions in digital assets, which are derivatives, and agreed to pay a $250,000 penalty, the CFTC said. The commission also named the venture’s founders, Tom Bean and Kyle Kistner, in the suit. See:  New U.S. Bill Gives Crypto Oversight to the CFTC The CFTC’s actions suggest that calling an entity a DAO, or invoking token-based voting as part of an organization’s decision-making process, doesn’t necessarily protect that entity from the legal responsibilities of a traditionally regulated institution. CFTC Commissioner Summer Mersinger - broke rank with her five fellow commissioners and said: The action wasn’t supported by the Commodity Exchange Act, the law that regulates derivatives inssuance, and amounted ...
Read More
CFTC - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)
Betakit | Josh Scott | Sep 21, 2022 FrontFundr has launched its own fundraising campaign on FrontFundr, which the company said will remain open to the public until November 4. Toronto-based FrontFundr has announced that it has helped startups raise over $140 million across more than 100 fundraising campaigns using its equity crowdfunding platform. Since Canadian regulators introduced harmonized crowdfunding rules across Canada, making equity crowdfunding more accessible, Van Hoeken has seen its popularity rise, especially as broader economic conditions have worsened. So far, FrontFundr has raised a total of $7.3 million CAD from over 900 investors. The company aims to raise another $2.5 million to $5 million through its latest offering to support its product development plans and boost its sales. To date, FrontFundr has built a community of more than 30,000 users. The startup’s platform has helped Canadian tech startups like Manzil, Caary, and FrontFundr itself raise capital. Van Hoeken also sees a future where FrontFundr can help more public companies raise money using its platform. Over the longer-term, FrontFundr has ambitions to “spread [its] wings” across North America and into the United States. See:  Fintech Fridays EP57: 10 Years of Investment Crowdfunding: Past, Present & Future Since ...
Read More
FrontFundrs team Sep 2022 - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)
Coinsmart | Release | Sep 22, 2022 TORONTO, Sept. 22, 2022 /CNW/ - CoinSmart Financial Inc. ("CoinSmart" or the "Company") (NEO: SMRT) (FSE: IIR), announced today that it has entered into a definitive agreement dated September 22, 2022 (the "Purchase Agreement") with Coinsquare Ltd. ("Coinsquare"), a leading Canadian crypto asset trading platform, pursuant to which CoinSmart has agreed to sell to Coinsquare all of the issued and outstanding shares of its wholly-owned operating subsidiary Simply Digital Technologies Inc. ("Simply Digital") (the "Transaction"). The acquisition and integration of these two businesses will establish Coinsquare as one of Canada's largest crypto asset trading platforms with a diversified and compliant offering across various business lines, including both retail and institutional trading, crypto payment processing, and digital asset custody. CoinSmart will hold approximately 12% ownership in Coinsquare on a pro-forma basis. The combined company has transacted over $10 billion since January 2018, and will have over $350 million in assets under custody with a combined user base in excess of 1 million. See:  FINTECH FRIDAY$ (EP23-Feb 1): Getting Smart About Crypto and Insurtech Snapchat Models – Interview with Justin Hartzman, Co-founder and CEO of Coinsmart Crypto Exchange CoinSmart Co-Founders Justin Hartzman, Jeremy Koven, and ...
Read More
Coinsmart - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)
For Bitvo by Tristram Waye | Sep 22, 2022 Power of expectations and some broad elements that may impact your trading The deeper you get into the trading arena, the more you will notice the power of expectations.  Expectations shape pricing and the moves in response to news and events.  They shape how market participants reflexively respond and reposition which further influences prices and policies.  And that means that expectations affect your trading decisions. The Fed and the economic data:  We will be focused on the US because the Federal Reserve can be considered the world’s central bank.   These reports give some insight into the economic conditions taking place. Some of these have a lag. Others are more recent. And there are other reports that give more granular insights into business conditions and numerous other metrics.  See:  Should You Be Hedging Your Crypto Trading? These data points have varying relevance and importance based on circumstances in the real world. So one data point might be a focal point in one period and of little relevance in another. And, of course, there are seasonal trends in many data points. Right now, there is a focus on inflation. Inflation management falls to ...
Read More
Power of expectations - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)
NfX | Pete Flint | Sep 2022 Affordability issues breeding innovation:  Real estate has always been more than just the largest asset class in the world. It is the embodiment of home and work, family and business – the opportunity of generational wealth, writ large. The American dream.  One that has become increasingly out of reach to most Americans. Paths to ownership of real estate are expanding. What “ownership” even means is also expanding. Affordability and access to traditional home ownership has only eroded since the housing bubble in 2008, as lending standards tightened and home prices have soared in recent years. And yet, restriction breeds innovation and market changes create opportunity. From the front lines with proptech Founders, we’re seeing early signs of a real estate revolution. See:  Vancouver Proptech Startup addy Launches Canada’s First Crowdfunded Real Estate Investing App Real Estate 1.0: The Information Revolution:  The first phase of tech adoption in the home-buying process was Real Estate 1.0, an information revolution enabled by the internet. The problem was the lack of information about one of the most important financial decisions a person can make: buying or selling a home. Real Estate 2.0: The Transaction Revolution: Streamlining the ...
Read More
Real estate as a percentage of real assets - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)
TechCrunch | Carly Page | Sep 20, 2022 Fintech startup Revolut has confirmed it was hit by a highly targeted cyberattack that allowed hackers to access the personal details of tens of thousands of customers. Response: Revolut spokesperson Michael Bodansky told TechCrunch: an “unauthorized third party obtained access to the details of a small percentage (0.16%) of our customers for a short period of time.” Revolut discovered the malicious access late on September 11 and isolated the attack by the following morning.  We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected.  Customers who have not received an email have not been impacted." See:  Revolut executive resigns amid growing tensions with the FCA over banking license In a message sent to affected customers posted to Reddit, the company said that “no card details, PINs or passwords were accessed.” However, the breach disclosure states that hackers likely accessed partial card payment data, along with customers’ names, addresses, email addresses and phone numbers. How many customers:  first spotted by Bleeping Computer, the company says 50,150 customers were impacted by the breach, including 20,687 customers in the European Economic Area and 379 Lithuanian citizens. How did ...
Read More
Revolut  - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)

 


NCFA Jan 2018 resize - Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don't)The National Crowdfunding & Fintech Association of Canada (NCFA Canada) is a cross-Canada non-profit actively engaged with cryptocurrency, blockchain, crowdfunding, alternative finance, fintech, P2P, ICO, and online investing stakeholders globally. NCFA Canada provides education, research, industry stewardship, services, and networking opportunities to thousands of members and subscribers and works closely with industry, government, academia, community and eco-system partners and affiliates to create a strong and vibrant crowdfunding and fintech industry. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: ncfacanada.org

Leave a Reply

Your email address will not be published. Required fields are marked *

4 × 1 =