Inside Job – $19 Million Bithumb Hack Exposes Major Problem With Cryptocurrency Exchanges
HodlX Guest Blog Submit Your Post
The latest hack suffered by Bithumb, a South Korean cryptocurrency exchange, might have been an inside job. Criminal elements within the company are suspected of stealing cryptocurrencies worth almost $20 million. With platforms focusing on securing funds from external incursions, security experts warn that exchanges might be more at risk from their own employees.
Details of the Hack
On Friday, reports of an alleged hack on Bithumb emerged on social media. Multiple cryptocurrency monitors posted suspicious transactions showing the movement of 3 million EOS, worth $13 million, from Bithumb’s wallet to an unknown destination.
Stolen fund flow analysis :
— Dovey Wan 🦖 (@DoveyWan) March 30, 2019
In the hours that followed, further revelations came to light showing that the hackers also stole about 20 million XRP, worth $6 million, from Bithumb. The suspected attackers quickly divvied up the loot among several other exchanges in an attempt to obscure the money trail.
Bithumb isn’t the first platform to fall victim to hackers. Cryptocurrency exchange thefts have become a common occurrence within the industry. Back in mid-2018, Bithumb also lost $31 million in another security breach.
Foxes Guarding the Hen House
Since the news of the hack emerged, speculations have continued to swirl about the attack being orchestrated by people inside Bithumb. The first primary evidence for these suspicions comes from Bithumb’s statement about the matter.
An excerpt from a notice released by the company on Saturday, March 30, reads:
“As a result of the inspection, it is judged that the incident is an accident involving insiders because the external intrusion path has not been revealed until now. Based on the facts, we are conducting intensive investigations with KISA, Cyber Police Agency, and security companies.”
This admission from Bithumb itself points to the possibility that insiders were responsible for stealing the private key and siphoning funds from the wallet.
With exchanges spending resources on ensuring adequate security against external intrusions, there is still the possibility of unscrupulous elements within these companies acting against the interest of the exchange and its customers.
At the start of 2019, CipherTrace, a blockchain intelligence firm, released its 2018 security report which identified internally orchestrated cryptocurrency thefts as a growing threat.
Slow to React or Attempted Cover Up?
Another puzzling aspect of the matter comes from the delay by Bithumb in announcing the attack. Usually, when such delays occur, it is because the platform is none the wiser as to the hack.
However, there is evidence to suggest that Bithumb knew of the hack about 24 hours before it released a public statement. Was the South Korea-based platform attempting a cover-up?
Given the sheer volume of independent observers monitoring blockchain transactions, such a move appears counterproductive. In no time, Twitter was set atwitter with news of the hack. By the time Bithumb released its statement, most of the industry already knew about the matter.