Posted on

Major Korean Crypto Exchange Bithumb Prosecuted for Failure to Protect User Data

Korean crypto exchange Bithumb has been prosecuted for its alleged failure to take adequate measures to protect personal data, allegedly leading to a subsequent hack in 2017.

South Korean crypto exchange Bithumb has been prosecuted for its alleged failure to take adequate measures to protect personal information, which was later presumably exploited by hackers to steal funds from the platform. The news was reported by Cointelegraph Japan on June 19.

Prosecutors allege the data breach led directly to the second hack affecting the platform, in which almost $7 million in user funds was stolen.

As Cointelegraph has previously reported, Bithumb first notified authorities of a major data breach in late June 2017, thought to have affected around 31,000 exchange user accounts.

The data leak is believed to have originated from the computer of an unidentified company employee. Alleging that the exchange failed to implement adequate data security measures, prosecutors have charged Bithumb under the information protection article of Korea’s Information Communication Network Act, Cointelegraph Japan reports.

The leaked data of 31,000 Bithumb user accounts in 2017 reportedly included user names, phone numbers, email addresses and crypto transaction histories. Customer IDs and passwords were not, however, compromised.

Specifically, prosecutors accuse Bithumb of having stored customer data on employee computers without encryption, as well as failing to install security update software.

Buthumb issued a formal apology on April 19th, pledging to do its best to protect customers but countering prosecutors’ claims of a direct connection between the data breach and subsequent hack.

This spring, Bithumb suffered its third major hack and lost approximately $13 million in an incident executives have claimed was masterminded by an insider.

A prior hack in summer 2018 was initially thought to have resulted in the loss of as much as $31 million, a figure later reduced to $17 million.

In the wake of this spring’s latest breach, Bithumb conducted a third-party audit of its funds, stating that the stolen cryptocurrency (EOS tokens) were company funds and that it had moved all remaining tokens to cold wallet storage after the incident.

As recently reported, 2019 has thus far seen seven crypto exchanges suffer large-scale hacks, among them leading crypto exchange Binance.

Posted on

Round-Up of Crypto Exchanges Hack So Far in 2019, How Can it be Stopped?

Six crypto exchanges have been hacked so far in 2019. How can cyber attacks be avoided and addressed in the future?

Throughout the past six months, seven crypto exchanges have reported large-scale hacking attacks in the tune of tens of millions of dollars, with the most recent platform to suffer a security breach being GateHub.

Exchanges Hacked in the First Six Months of 2019

As the global crypto exchange market continues to see an increasing number of security breaches leading to the loss of user funds, investors may become reluctant to rely on centralized exchanges to store funds.

GateHub — 18,473 accounts affected

As reported by Cointelegraph on June 6, the United Kingdom and Slovenia-based crypto exchange GateHub reported the loss of nearly $10 million worth of XRP.

In an update published on June 7, the GateHub team noted that an unidentified hacker used a sophisticated method to gain access to a database holding users’ access tokens and steal their funds. In the aftermath, GateHub said:

“Through a well-orchestrated attack, the perpetrator gained access to a database holding valid access tokens of our customers. We detected an increased volume of API calls (using these valid access tokens) coming from a small number of IP addresses.”

The exchange told its users that it will cooperate with its internal response team, law enforcement agencies, third-party professional security and forensics teams, and investigative authorities to analyze the breach and to potentially find the individual or a group responsible for the breach.

Insurance is just as important as security measures

Over the years, despite the efforts of exchanges to ramp up security measures and improve internal management systems, hackers have been able to deploy more sophisticated and advanced technologies to gain unauthorized access into corporate wallets and user accounts.

In some instances, as seen in the case of Binance’s $40 million security breach, it is difficult even for the biggest crypto exchanges in the world — with in-house security experts — to prevent unexpected breaches.

However, it is possible for exchanges to set up systems that allow for the speedy recovery of user funds.

Related reading: The Cryptopia Nightmare Drags on as Liquidators Struggle to Reimburse Hacked Users

Binance, for instance, established the Secure Asset Fund for Users (SAFU) in July 2018 to compensate users in the unlikely event of a hacking attack. Binance said in July 2018:

“Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet.”

Two types of wallets exist in crypto: hot wallets and cold wallets. Hot wallets are wallets that are connected to the internet and that are easily accessible. Cold wallets are wallets stored offline and are used by major exchanges to securely store reserves of cryptocurrencies like bitcoin.

Cold wallets cannot be hacked because they are not connected to the internet — and as such, exchanges hold the overwhelming majority of their reserves in cold wallets.

Still, despite having advanced security measures in place, hot wallets can be vulnerable to attacks, so it is ideal for an exchange to establish an insurance fund that is equivalent to the amount held in its hot wallet to prevent a security breach in the future affecting the exchange’s operations.

Such a practice does not prevent an exchange from suffering a hacking attack, but it minimizes the magnitude of an incident’s impact on the exchange and facilitates the recovery process to be more structured and apparent.

The largest crypto exchanges in the global market — the likes of Binance, Coinbase and Gemini — have either obtained insurance from third-party service providers or have internal insurance funds in place to compensate users, should an unexpected incident arise.

Coinbase, for example, notes that it maintains a reserve that is larger than its online storage with third-party insurance. The insurance document of Coinbase reads:

“Coinbase maintains commercial criminal insurance in an aggregate amount that is greater than the value of digital currency we maintain in online storage. Our insurance policy is made available through a combination of third-party insurance underwriters and Coinbase, who is a co-insurer under the policy.”

Gemini obtained the insurance services of Aon and the Federal Deposit Insurance Corporation in October 2018, and Yusuf Hussain, Gemini’s head of risk, said at the time:

“Consumers are looking for the same levels of insured protection they’re used to being afforded by traditional financial institutions. Educating our insurers not only allows us to provide such protections to our customers, but it also sets the expectation for consumer protection across the crypto industry.”

Communication between exchanges is crucial

Since hot wallets or online storage can become vulnerable to security breaches, it is of the utmost importance for exchanges to establish a line of communication with other platforms to trace and potentially freeze transactions when suspicious funds begin to move.

According to the GateHub team, some of the funds stolen in the $10 million security breach were sent to exchanges such as Kucoin, Huobi and HitBTC, all of which have Know Your Customer (KYC) policies in place. GateHub acknowledged this fact:

“The funds were sent to several exchanges, including, Changelly, Changenow, Kucoin, Huobi, Exmo, Hitbtc, Binance, Alfacashier and others. We have already contacted each recipient exchange with the aim to freeze and retrieve all customer assets.”

If exchanges have an efficient system to communicate when unforeseen events occur, it becomes possible for them to immediately suspend wallets that received the proceeds from a potential hacking attack and swiftly begin recovering funds.

In January 2018, South Korea’s four largest crypto exchanges — Bithumb, Upbit, Coinone and Korbit — created a hotline for major exchanges to ensure suspicious transactions could be detected and frozen immediately after being disclosed.

Transactions on public blockchain networks like Bitcoin and Ethereum are traceable due to the decentralized structure of the blockchain. Major exchanges are already working with analytics firms such as Chainalysis to maintain a database of suspicious transactions and wallets.

The presence of a hotline among major crypto exchanges in the global market would create a significantly more impractical ecosystem for hackers to distribute proceeds from an attack to various exchanges.

Why systems must improve

In previous years, most crypto-related hacking attacks were suffered by minor exchanges that typically could not afford to have an in-house security team and advanced measures in place.

However, in the past six months, major crypto exchanges such as Binance, Bithumb and Coinmama have all fallen victim to security breaches, all of which have well over hundreds of thousands of users.

Bithumb, which is considered to be one of the two biggest crypto exchanges in South Korea (alongside UPbit), was hacked in March for the third time in two years, in what the exchange suspects to be an insider job.

The Bithumb team said:

“According to the company’s manual, Bithumb secured all the cryptocurrency from the detection time with a cold wallet and checked them by blocking deposit and withdrawal service. As a result of the internal inspection, it is judged that the incident is an ‘accident involving insiders’. Based on the facts, we are conducting intensive investigations with KISA, Cyber Police Agency and security companies.”

Last year, cybersecurity company Group-IB reported that seven crypto exchanges were hacked in 2018, with the largest breach suffered by Coincheck leading to the loss of a staggering $534 million worth in crypto.

Successful Attacks on Crypto Exchanges 2017-2018

Less than six months into 2019, and already six crypto exchanges have been successfully hacked — excluding the CoinBene incident, which some suspect may also be a hacking attack.

Related to this: Major Crypto Exchange in Korea Shut Down in April: 2018 Was a Nightmare for Most

In March, cryptocurrency researcher Nick Schteringard said that $6 million worth of coinbene coin and $39 million in maximine were stolen from the CoinBene exchange.

Blockchain infrastructure firm Elementus said in a report that the funds were quickly sold for ether (ETH) on Etherdelta, fueling the suspicions of investors about the incident. According to the report:

“After leaving CoinBene, the tokens were quickly moved into Etherdelta, where they were sold for ETH. A large amount of funds were also moved into centralized Exchanges, including Binance, Huobi, and Bittrex. The funds continue to move into exchanges as I write this.”

In April, CoinBene stated that the movement of tens of millions of dollars in coinbene coin and maximine coin was due to a maintenance the exchange carried out, denying any cyber attacks on its platform.

A troubling trend?

The worrying trend in the crypto exchange market is that, within the first six months of 2019, the industry has seen the same number of hacking attacks as in the whole of the previous year, and the security breaches in 2019 were mainly experienced by large-scale exchanges.

In the upcoming months and years, the methods and technologies utilized by hackers will continue to become more sophisticated and advanced.

While it is challenging to completely prevent unauthorized access, especially in the case of hot wallets, it is possible for exchanges to have proper insurance, an in-house security team and back-up reserves equivalent to the amount of crypto held in online storage to prevent users from being affected in the event of a security breach.

Posted on

Major Crypto Exchange in Korea Shuts Down: 2018 Was a Nightmare for Most

A major crypto exchange in South Korea has shut down, showing the intensity of the brutal 16-month bear market that caused a wide range of issues for crypto businesses.

The shutdown of Coinnest on April 18, one of the major crypto exchanges in South Korea, showcased the intense brutality of the 16-month bear market, which came crashing down as soon as bitcoin achieved an all-time high at a price of $20,000.

While not many major crypto exchanges have closed their operations in the past year, most exchanges — with the exception of some platforms considered to have real daily volumes by Bitwise Asset Management — have struggled to maintain a stable inflow of revenue.

The bear market was particularly difficult for small exchanges that are known to strategically inflate their volumes to appeal to users on leading market data platforms like CoinMarketCap.

Profit margins sharply dropped due to an overall drop in daily volumes for smaller exchanges such as Korbit in South Korea, creating a difficult environment to survive in.

Cryptocurrency exchanges generate the overwhelming majority of their revenues through fees that occur when trades are executed. When daily volumes of crypto assets drop, exchanges suffer a dip in revenue.

Profits or net losses recorded by top four crypto exchanges in South Korea in 2018

Why crypto exchanges suffered during the bear market, especially in South Korea

According to a report from The Block, Binance generated a quarterly profit of around $71 million from January to March 2019, nearing the annual operating profit of Upbit, South Korea’s largest crypto exchange.

Upbit is the only exchange among the top five cryptocurrency exchanges in South Korea’s local crypto exchange market to record a profit in 2018.

Bithumb recorded a net loss of $175 million, and other leading platforms like Coinone and Korbit also recorded relatively large losses in 2018 to the tune of tens of millions of dollars.

Although a Bithumb representative told MK, a mainstream media outlet in South Korea, that the business of the exchange remains solid, a $175 million loss could have been critical for the exchange if it had not reportedly secured around $190 million in new funding:

“Even during a phase in which the cryptocurrency market is struggling, Bithumb is sustaining a solid business with unique services and global market dominance. Bithumb will put in all efforts in protecting user funds.”

Other challenges: no new registrations

2018 was particularly hard for exchanges in South Korea because exchanges were prohibited from accepting new registrations for awhile. As such, exchanges experienced a substantial decline in revenues.

Last year was challenging even for Upbit, the country’s dominant leader in the cryptocurrency exchange market.

A representative of Dunamu, the parent company of Upbit, said that the exchange was able to operate healthily throughout 2018 due to the company’s strategy of reducing marketing efforts and resources by employing a cautious approach in management.

“In comparison to other exchanges, Upbit operated with caution by reducing marketing efforts and overall manpower because new registrations were blocked. Most of the revenues recorded by Upbit in 2018 were generated in the first quarter of 2018 when the cryptocurrency market was hot. Upbit actually recorded an increase in revenues and operating profit since 2017.”

For smaller platforms like Coinnest, it was virtually impossible to expect any substantial operating income because of the sentiment around the market and the state of the cryptocurrency exchange market in South Korea.

Coinnest specifically suffered more than others due to the exchange’s reported $5 million mishap in January, during which the exchange mistakenly sent more than $5 million to clients.  

Moreover, on Oct. 18, the former CEO of Coinnest was sentenced to three years in prison and a $2.6 million fine for fraud and for extracting user funds for personal financial gain. According to court documents, the former CEO and two other executives stole more than $30 million from users and reportedly faked around $400 million in volume.

Ultimately, citing regulatory uncertainty and a drop in crypto trading volume, a Coinnest representative said that the exchange was forced to close, a fall from grace for an exchange that was once the third biggest in the local market. The exchange’s representative said:

“It is a natural result of a decrease in trading volume. Both regulatory issues and business decisions have served as a background for this decision.”

Even big firms like Coinbase struggled

Small exchanges across major markets like Japan and South Korea often get acquired by larger companies or declare bankruptcy because of their focus on short-term profitability.

For exchanges, a strong network effect is crucial for sustainability. Hence, apart from the top five exchanges in every major region, most exchanges consistently struggle to generate profits.

In a bear market, the situation gets worse for both small and large exchanges, as seen in the performance of Coinbase in 2018.

On April 18, Reuters reported that Coinbase recorded an annual revenue of $520 million in 2018, which would normally be considered a healthy figure coming off of a brutal 85% correction of crypto assets.

But, Coinbase is one of the biggest exchanges in the global market, and it failed to reach its projection by 60%:

Bloomberg said in October 2018 that Coinbase expected an annual revenue of $1.3 billion in 2018 despite the correction of the market. Given that the document was obtained by Bloomberg late last year, it is likely that the last quarter was distinctly agonizing for exchanges.

Coinbase missed its annual revenue projection by a staggering 60% even with the continuous efforts of the exchange to increase the volume of the platform through the addition of new tokens and crypto assets.

Throughout the past two years, major exchanges in strictly regulated markets, such as the United States, refrained from prematurely listing tokens due to regulatory uncertainty around the nature of tokens.

In April alone, Coinbase listed tokens from Maker (DAI), Augur (REP) and EOSIO (EOS) on Coinbase Pro, following the listing of Stellar’s lumens (XLM) and the highly anticipated support for XRP, the cryptocurrency developed by Ripple.

The Coinbase team said after listing lumens in March:

“One of the most common requests we receive from customers is to be able to trade more assets on our platform. With the recent announcement of our new listing process, we anticipate listing more assets over time that meet our standards.”

Which other exchanges have shut down?

In South Korea alone, there are hundreds of cryptocurrency exchanges, with some reports estimating the number of exchanges in the country surpasses 100. Most of these exchanges are small companies that aim to drive short-term profits with aggressive token listings.

Due to a lack of resources, when minor exchanges are hit with security breaches, hacking attempts or a drastic drop in trading volume in the cryptocurrency exchange market, they are unable to cope with changes in market conditions.

Throughout the past 16 months, exchanges like Coinnest, Coinpulse and Liqui have shut down as a result of liquidity issues, and bigger platforms including QuadrigaCX, Coincheck and Zaif have closed following high-profile security breaches.

While Coincheck and Zaif have reopened in Japan with the approval of the Financial Services Agency (FSA), the two firms needed a lifeline from bigger conglomerates to fully compensate all user funds.

Zaif reopened on April 19 after securing a deal with Fisco worth around $44.5 million to compensate users affected by the hack.

“After that, on condition of financial support of approximately 5 billion yen, transfer of Zaif business from Tech Bureau Co., Ltd. to us was decided. In addition, we have asked customers via the Internet and by telephone etc. for the procedures for consenting to business succession,” Fisco team said.

Why small exchanges are always vulnerable

Small exchanges often fall victim to hacking attacks because compliance and security cost a significant sum of money. Well-regulated platforms like Gemini have insurance, in-house security experts and regular audits in place to secure user funds. But small exchanges cannot afford similar resources as major companies.

Even Coincheck, which was once the largest cryptocurrency exchange in Japan, did not have proper in-house security experts to oversee the platform:

Former Coincheck CEO Koichiro Wada said in April 2018:

“We were aware we didn’t have enough people working on internal checks, management and system risk. We strived to expand using headhunters and agencies, but ended up in this situation.”

Although an investigation is said to be ongoing in the QuadrigaCX scandal — during which Gerald Cotten, the CEO of the exchange, lost $190 million in crypto and other funds after he reportedly passed away with private keys — the Coinbase team speculated that QuadrigaCX may have also been affected by the bear market and faced liquidity issues. Brian Armstrong, the CEO of Coinbase, said:

“QCX was one of the oldest exchanges in existence (founded in 2013). If they planned an exit scam, it likely would have been timed better. They suffered a multimillion dollar bug in June 2017. This is when we start to see movement of funds to ‘cold storages.’”

Patterns of sends from cold storage suggest they tried keeping the exchange afloat, and maybe attempted to trade their way out of the hole. Liquidity dried out and the bear market of 2018 may have caught up with them. The sequence of events suggests this was a mismanagement with a later attempt to cover it up.

Exchange closures will decline as the industry matures

The crypto bear market is crucial because it allows the industry to settle down, reflect, escape the speculative mania phase and rebuild the infrastructure around the market.

During an extended correction, the prices of crypto assets plummet and the volume of the market drops, leaving many low-quality projects and exchanges with a few options.

The cycle of the crypto market of speculation-correction-build-rally improves the quality of the industry and focuses the resources, capital and labor within the sector to quality companies.

Posted on

South Korea: Bithumb Exchange Operator Reveals Plans for US, Japanese Markets

The CEO of Bithumb’s operator has revealed plans to expand to the U.S. and Japan.

The CEO of Singapore-based Blockchain Exchange Alliance (BXA) — which has a controlling stake in major South Korean crypto exchange Bithumb — has revealed plans to expand to the American and Japanese markets. The news was reported by Cointelegraph Japan on April 18.

BXA CEO BK Kim told Cointelegraph Japan in an interview that BXA’s strategy is to pursue a so-called reverse merger route by acquiring a publicly-traded company that is already listed on either Nasdaq or the New York Stock Exchange (NYSE).

The route can be a faster way to take a company public than a traditional Initial Public Offering (IPO), BK Kim noted, adding that it can also help reduce listing fees — reportedly estimated to amount to around $6 million.

According to BK Kim, BXA has already sought legal advice in the United States, where a lawyer has reportedly given the opinion that the current legal framework allows for BXA to be listed using such a reverse-merger structure.

The CEO also revealed that BXA is currently seeking potential partners in Japan to establish a joint venture for a crypto exchange that would be officially licensed by the country’s watchdog.

BK Kim further discussed plans to prospectively increase BXA’s stake in Bithumb by acquiring up to 70% of Bithumb operator BTC Holdings —  although he emphasized that even without the additional shares, BXA is already the controlling stakeholder for the exchange.

In regard to BXA’s own token, BXA — already listed on BitMax exchange — the CEO noted that a potential Bithumb BXA listing would require thorough consideration of regulatory impediments and that the firm would announce any further developments on the matter.

BK Kim’s disclosure of BXA’s U.S. plans confirms anonymous sources who had indicated the company’s interest in pursuing a reverse-merger this January, as reported at the time.

Earlier this week, BXA received $200 million in funding from Japan’s ST Blockchain Fund, with the reported intent to use the funds to expand the international outreach of Bithumb.

Bithumb has undergone a turbulent period, recently suffering losses of around $13 million from a late March hack in what executives suggested was an insider operation to defraud the company. The exchange was prompted to conduct an external audit to reassure users its funds were being kept in cold storage wallets and that the losses had affected the exchange’s assets only.

Prior to that, a major hack in 2018 had resulted in the loss of around $17 million. Bithumb’s company’s net annual losses for that year totalled about $180 million.

Posted on

Crypto Exchanges Collaborate With Bithumb to Freeze Stolen Funds After Major Hack

Details are still sketchy after Bithumb lost $18 million due to a hack.

In late March, major South Korean cryptocurrency exchange Bithumb lost around $18 million as a result of a hack. While the details are still sketchy — for instance, it is unclear whether or not it was an inside job, as Bithumb initially claimed — a large portion of the stolen funds have been frozen by various exchanges who received them from hackers attempting to sell the loot.

However, despite Bithumb stressing that the hijacked assets belonged to the company and not to its clients, the customers still can’t access their funds, since withdrawals and deposits have been disabled as part of the security measures.  

Bithumb reportedly lost 3 million EOS and 20 million XRP, claims it was an inside job

On March 29, Bithumb experienced what it described as “abnormal withdrawals” through its monitoring system. Then, as per the company’s manual, the exchange reportedly moved all remaining funds to a cold wallet. Additionally, deposits and withdrawals have been disabled on the platform for security reasons. In the accompanying blog post issued the day after the incident, Bithumb also assumed that the security breach was performed by insiders, citing the results of an internal inspection.   

Moreover, Bithumb blamed itself for the security breach. Specifically, the exchange team admitted that it only focused on protection from outside attacks and did not verify its staff, according to an announcement by the company. Bithumb also promised that the incident won’t occur again, because a workforce verification system is allegedly already in the works.

“We are working with major exchanges and foundations and expect to recover the loss of the cryptocurrency equivalent,” Bithumb’s statement reads. “Also we promise that we will open our progress clearly with social responsibility as a global leader company.”

Interestingly, while Bithumb never directly disclosed how much cryptocurrency was lifted in any updates regarding the hack, it has been established that more than 3 million EOS (about $12.5 million) were transferred from its hot wallet during the security breach. Moreover, according to cryptocurrency news outlet The Block, around 20 million XRP — the cryptocurrency created by Ripple — (equivalent to about $6.2 million) were also stolen.

Notably, Bithumb has stressed that the embezzled funds were owned by the company and that all assets belonging to its users are now under the protection of a cold wallet, which allegedly has not been compromised.

Thus, deposits and withdrawals on Bithumb have been disabled for more than two weeks at this point, although the exchange has announced that it will start accepting deposits and withdrawals for bitcoin (BTC) and ether (ETH) “with enhanced security” starting on April 17, 15:00 (presumably GMT+9). It is currently unclear if the trading has actually continued for those cryptocurrencies, as Bithumb has ignored Cointelegraph’s requests for comment.

Notably, earlier this year, South Korean tech news outlet ZDNet reported that Bithumb was one of just seven cryptocurrency exchanges that have passed a security audit performed by local regulators.

Major part of the stolen funds have been frozen by various exchanges

As mentioned above, Bithumb has insisted that the hijacked funds were entirely company-owned, and hence did not represent customers’ assets. In an attempt to prove this, on April 11, the South Korean crypto exchange published what it presented as results of an alleged professional external audit of its funds conducted on April 8, a little over a week after the hack.

“We have stated that we will conduct fair and objective due diligence on all assets that we have through a reliable external Audit,” the statement reads, linking to the accounting firm’s statistics. Bithumb’s statement continued:

“We are pleased to inform you that our members’ valuable assets are managed and maintained in a systematic / safe manner through the attached due diligence report.”

Nevertheless, the exchange’s clients have been stripped of the option to withdraw their funds from the platform, because that option was disabled soon after the incident occurred. In one of the statements, Bithumb also claimed they were working with the Korean police, Korea Internet & Security Agency (KISA) and unspecified “security companies” to deal with the aftermath.

The news about the hack was initially broken by Dovey Wan, founding partner at blockchain-focused Primitive Ventures, who also tweeted that part of the stolen EOS had ended up on a number of exchanges, while another portion had been moved to other addresses. Thus, Wan wrote, the exchange that received the most funds (662,000 EOS) was Exmo, followed by Huobi (263,000 EOS), Changelly (192,000 EOS), ChangeNOW (140,000 EOS) and KuCoin (96,000 EOS). According to blockchain security company PeckShield cited by The Block, smaller portions of the funds were also sent to CoinSwitch, BW, Binance and HitBTC.

The head of business development at Exmo, Maria Stankevich, confirmed to Cointelegraph that 662,600 EOS (around 22% of the total stolen sum) ended up on its servers.

“Due to really hard work of the whole team and sleepless night we managed to block almost all the funds.”

Now, Exmo is waiting for Bithumb to send an official inquiry to its British address so that the exchange can transfer the stolen assets back in accordance with the local law and GDPR-compliance processes. “We are in touch with Bithumb, they are doing all the necessary legal procedures right now,” Stankevich told Cointelegraph.

Huobi, which reportedly received 263,605 EOS (around 8.7%) of the stolen funds, also verified to Cointelegraph that its security team detected and subsequently froze the assets related to “the blacklisted account(s).”

ChangeNow has published a blog post confirming that “part of the funds worth more than half a million USD worth of EOS and XRP” were sent to its wallets. Soon after receiving a message from Bithumb about the ongoing hack, ChangeNow temporarily disabled EOS and XRP deposits, and blacklisted all the malicious addresses received from Bithumb. Pauline Shangett, the marketing and PR manager at ChangeNow, told Cointelegraph:

“We have been contacted by Bithumb representatives with regards to getting the funds returned to them, and their case is being processed in close collaboration with them and the Korean police. To our knowledge, the investigation is still ongoing.”

Changelly’s chief security officer, Sophia Lee, informed Cointelegraph that, as per its recent blog entry, $480,000 in EOS and $76,000 in XRP funds have been frozen until further investigation:

“Unfortunately, we’re not in the capacity to make any comments about our communication with the Korean police at a time. Currently, we’re finalizing the report with data about transactions, so there is no public statement just yet.”

KuCoin and CoinSwitch have also confirmed to Cointelegraph that they detected some of the embezzled assets funds in their wallets. Jing Cheung of KuCoin wrote via email:

“We have frozen the suspicious accounts per Bithumb’s and Korean police’s requests. We are now waiting for the instructions from Korean police regarding how could we return these digital assets.”

The CoinSwitch team told Cointelegraph that, although they run a noncustodial service that holds user funds only during the time of exchange, they were able to freeze some of the assets associated with the hack.

Cointelegraph has also reached out to Binance for further comment, but they declined to comment.

The account that was used to steal EOS from Bithumb is still live, according to data obtained from Eosq. Although the majority of the embezzled assets have been transferred to other addresses, some people seem to be sending dust transactions to the account in order to ask for the money via the comment section.

It is still unclear whether or not it was an insider job

As mentioned above, Bithumb was quick to argue that the security breach was performed by insiders. That raised suspicion among some Reddit users, who suggested that it was a damage-control tactic for the exchange, which experienced an even larger hack in June 2018. Redditor u/suibhnesuibhne wrote:

“Better to say an inside job after their last hack.”

Moreover, according to recent reports from local media, the Cyber ​​Investigation Department of South Korea’s National Police Agency has seized an external server as part of the investigation held at Bithumb’s office after discovering that it could have been involved in the attack. A police representative also told the newspaper that, regardless of whether the attack was performed from the inside or outside, it appears to be difficult to track the fraudsters, as they used multiple ways to cover their trail.

Bithumb gets hacked among other bad news, but receives $200 million in investments

The security breach happened against the backdrop of other bad news for Bithumb. First, in March, reports emerged suggesting that the company was cutting up to 50% of its workforce. Specifically, it was reported that Bithumb was reducing its staff from 310 to around 150.

“Voluntary retirement is part of our support program for former employees and is intended to provide assistance and training for job placement. Apart from that, [Bithumb’s] trading volume has decreased compared to the previous year, [so] we are trying to provide internal measures. We will continue to add necessary personnel for various new businesses,” according to an unnamed Bithumb official at the time.

Then, in April, local daily news outlet The Korea Times reported that Bithumb had a net loss of 205 billion won ($180 million) in 2018 due to the prevailing bear market. Citing data from the exchange’s operator,, the newspaper revealed that South Korea’s largest exchange experienced extensive losses despite its sales growing 17.5% compared to 2017.

Nevertheless, earlier this week, the Blockchain Exchange Alliance (BXA), which became Bithumb’s parent company after acquiring a controlling share in BitHumb Holdings in January, secured $200 million in funding from Japan’s ST Blockchain Fund. As Cointelegraph Japan wrote, the money will allow BXA to expand the international side of Bithumb and roll out new trading pairs.

Posted on

South Korea: Bithumb Exchange Operator Gains $200 Million From Japanese Investment Fund

Blockchain Exchange Alliance will use the funds to expand outreach and add extra trading pairs, the company says.

The parent company of major South Korean cryptocurrency exchange Bithumb has received $200 million in funding from Japan’s ST Blockchain Fund, the latter confirmed in a press release shared with Cointelegraph Japan on April 15.

The cash, which forms part of a Series A funding round, will allow Blockchain Exchange Alliance (BXA) to expand the international side of Bithumb, which is already one of South Korea’s largest exchanges. New trading pairs will also appear, the press release notes.

ST Blockchain Fund is based in Japan, but features participation from investors throughout the world, including Europe and the United States.

“The fund shared our vision of creating a global digital exchange platform that can efficiently transfer value across borders with lower costs, which was the key rationale behind this investment decision,” BXA stated in the press release.

The move comes in the wake of upheaval at Bithumb, which suffered losses of around $13 million late last month in what executives suggested was an insider operation to defraud the company.

The company subsequently released results of a third-party public audit, reassuring investors their funds were in suitably secure storage.

Prior to that, in 2018, a much larger hack had seen Bithumb lose what initially appeared to be around $30 million, the figure subsequently being reduced to $17 million.

As Cointelegraph reported last week, the company’s annual losses for 2018 totalled almost $180 million.

ST thus removes any doubt about its faith in the local market with the investment, as increasing Bitcoin (BTC) prices spark fresh interest from South Korea consumers.

Last week, the so-called “Kimchi Premium” — a surcharge for Bitcoin in fiat terms on South Korean exchanges — reportedly reappeared after an extended absence.

Posted on

Hodler’s Digest, March 25–31: Top Stories, Price Movements, Quotes and FUD of the Week

This week saw the hacks of several large cryptocurrency exchanges, while the SEC pushed back their BTC ETF decision.

Top Stories This Week

Owner of ICO That Never Happened Attempts to Sell Project on eBay for $60,000

The owner of a crypto-related startup dubbed Sponsy, which never launched its initial coin offering (ICO), is attempting to sell the project on eBay for $60,000. The project is described as a blockchain-related identity that is able to launch both an ICO and a security token offering (STO), with the author of the posting claiming that the project was both audited by an investment firm and approved by several investment banks. Sponsy also claims to have a solid social presence, although its Twitter and Facebook page posts have around ten likes on average. The eBay poster noted in an interview that he lost out on the ICO craze by taking time to develop a product, rather than first launching an offering.

Over 130-Year-Old Liquor Company William Grant & Sons to Track Whiskey on Blockchain

Premium scotch whisky brand Ailsa Bay, which is owned by William Grant & Sons (WG&S), a liquor company founded in 1887, is set to launch what it claims to be the world’s first scotch whisky tracked on the blockchain. According to the company, the whisky will be tracked in collaboration with blockchain firm arc-net, which will develop the new products and a system to track manufacturing from distillery to store. The reason behind the blockchain tracking is to prevent whisky counterfeiting in the United Kingdom, as well as allow the firm to gather data on both existing and potential customers by employing location systems for the purchases.

Tim Draper Urges Argentina’s President to Legalize Bitcoin to Improve Economy

When speaking to Argentine president Mauricio Macri, crypto bull and investor Tim Draper said that the legalization of Bitcoin (BTC) in the country could help improve their economic situation. During the meeting, Draper noted that the use of blockchain and crypto could help improve major economic problems, including the devaluation of the Argentine peso (ARS). Draper also reportedly proposed a humorous bet, stating that if the peso would be valued more than Bitcoin, he would double his investment in the country, but if BTC became higher than the peso, Argentina would have to declare the crypto a national currency.

Weiss Crypto Ratings Puts Bitcoin Aside EOS and XRP in Annual Outlook

The newest Weiss Crypto Ratings and given top cryptocurrency Bitcoin an “A,” along with Ripple (XRP) and EOS. In the report, which was based on an analysis of 120 cryptocurrencies, letter grades were assigned based on an evaluation of the possibilities for adoption and technology. XRP received the “A” ranking as it is well-positioned to compete with global interbank system SWIFT, while EOS was noted as making a solid attempt to become the “backbone of the new internet.” Bitcoin’s “A” ranking was due to its Lightning Network upgrade and use as of store of value. However, another ranking based on risk and reward factors failed to give any cryptocurrencies an “A.” The three currencies are followed by Ethereum (A-) and Cardano (B+).

 Crypto Exchange Bithumb Reportedly Hacked of Almost $19 Mln in EOS and XRP

Crypto exchange Bithumb reported this weekend that they have experienced a hack of an unknown amount, and are currently working with various law enforcement on the issue. The exchange notes that withdrawals and deposits have been temporarily paused, and that the loss does not affect users’ funds, but only those of the exchange. Unconfirmed reports state that around 3 million EOS (around $12.5 million) and 20 million Ripple (about $6.2 million) are the funds lost. The company’s post about the hack indicates that it was an insider job, but the details are as of yet unspecified.

Winners and Losers

The crypto market has ended with week with Bitcoin well above $4,100, Ethereum is at $143 and Ripple at about $.31. Total market cap is $144 billion.

Top three altcoin gainers of the week are AICHAIN, BBSCoin and HondaisCoin. Top three altcoin losers of the week are Luna Coin, Crowdvilla Ownership and Coinonat.

Winners and Losers

For more info on crypto prices, make sure to read Cointelegraph’s market analysis.

Most Memorable Quotations

“All of the big tech companies will come and say blockchain, blockchain, blockchain. I say, ‘Show me the use case. You bring me the use case and I’ll try it.’”

Catherine Bessant, Bank of America (BoA) chief technology officer


“If Quadriga was licensed under the Bermuda Monetary Authority, what has happened would not have been able to happen, because we have rules regarding the custody of master keys and making sure they’re not held by a particular individual.”

David Burt, Premier of Bermuda

“One of my theses here is that the cypherpunks’ attempts to get into the money business forced them to realize some other things along the way. And [one of those things] is that money is a fundamentally social thing in a much deeper way than, say, two-party encrypted communication You have to start thinking about governance, social contracts, common shared expectations in this community, how do changes get made, how do we decide how changes get made, how do we discuss things. These are all very political things.”

Vitalik Buterin, speaking at the RadicalxChange conference


“I do believe that the regulators right now are a little careful about just rubber stamping anything as it relates to crypto. You are going to have to have an offering that the regulators are going to have to get comfortable. And I think it is hard to get comfortable with something that is so new like this.”

Terry Duffy, CEO of United States derivative market CME Group


“What we are seeing is a collection of standards being created [that] will inevitably converge over the next three to five years to create a situation where you can move information and value between all these different systems ー not just Bitcoin to Litecoin to Ethereum to Cardano ー but also your regular bank account.”

Charles Hoskinson, a founder of IOHK, the firm that developed cryptocurrency Cardano (ADA)

Prediction of the Week

Sharp Bitcoin Rally in 2019 Unlikely

According to Emmanuel Goh, a former JPMorgan Chase derivatives trader and founder of crypto data firm Skew, Bitcoin is unlikely to recover its former five-digit highs in 2019. Goh has noted that, according to options traders, there is a five percent chance that Bitcoin will reach $10,000 by September of this year. The trader also noted that there is even a $20,000 call option for this June, but the probability of BTC reaching that price is zero, as it was likely a “bullish trade that was made last year when investors were still discussing the short-term possibility of making new highs.”

FUD of the Week

US SEC Delays Decision on Bitcoin ETF Applications From VanEck and Bitwise

The United States Securities and Exchange Commission (SEC) has again delayed its decision on a rule change to the Securities Act that would allow the listing of Bitcoin (BTC) exchange-traded funds (ETF). According to the latest notice, the SEC has extended the period to 90 days, after Bitwise’s Feb. 15 application reached the end of its 45-day time period. According to the extension, the SEC must now reach a decision on the rule change by May 16, 2019. The two firms, NYSE ARCA and Bitwise, had announced their recent plans to launch Bitcoin ETFs in January, with the former intending to launch five separate ETFs linked to both bull and bear futures contracts on NYSE Arca. The SEC has also extended its decision on the VanEck/CBOE Bitcoin ETF

Analysts Claim CoinBene Transactions, Recent Activity ‘Consistent’ With Exchange Hack

Elementus, a blockchain infrastructure firm, published details of recent transactions at crypto exchange CoinBene that they consider to be suspicious in the wake of a presumed hack. After $105 million in crypto was moved from the exchange’s hot wallet this week, CoinBene had assured users that it was a period of unforeseen maintenance responsible for the suspicious activity. Elementus has noted that they are not contradicting what CoinBene has claimed, but that their findings are consistent with the modus operandi for how hack are normally carried out, as the amount of crypto transferred is large and was quickly sold.

Android Malware Targets Users of 32 Crypto Apps, Including Coinbase, BitPay

According to research, a new strain of Trojan malware for Android phones is now targeting the global users of cryptocurrency apps including Coinbase, BitPay and Bitcoin Wallet, as well as banks including JPMorgan, Wells Fargo and Bank of America. Cybercrime analytics firm Group-IB noted that this is the first time that the Trojan, dubbed Gustaff, has been reported or analyzed, and that it is described as being designed for mass infections and spread by SMS messages linked to load malicious Android package kit files. The group notes that the malware’s creators have made a system that increases the scale of thefts by triggering autofills of payment fields for legitimate Android apps to maliciously reroute transfers to the hackers.

Best Cointelegraph Features

The Lightning Torch: How the Community United to Teach Jack Dorsey About Feeless, Rapid Off-Chain Transactions

After Twitter’s Jack Dorsey joined the Lightning Network Torch recently, awareness of the second-layer solutions both benefits and drawbacks have become more debated in the crypto ecosystem. Cointelegraph examines how the LN has changed over time, and how Dorsey’s reference to the technology has brought it more into the public eye.

Indian Street Protests for Cryptocurrency

After the Reserve Bank of India’s ban on crypto dealings last year, the crypto community is coming together again, this time in the form of a series of blockchain supporter rallies held across the country. With the fourth rally set for Bangalore, Cointelegraph looks at the possible public impact of this movement.

Meet the 21 Year-Old Entrepreneur Trying to Sell His Failed ICO on Ebay

After an eBay listing for a cryptocurrency- and blockchain-related project was posted with a price tag of $60,000, Cointelegraph reached out to the lister himself to find out what happened with the project that led him to sell it online in this particular format.

Posted on

Why Didn’t Crypto Markets React To Bithumb’s Loss Of XRP, EOS?

Bithumb Loses $19M in XRP, EOS

On Friday, rumors arose that Bithumb, South Korea’s largest crypto exchange, fell victim to a sudden hack. Hours after Bithumb’s deposit and withdrawal services were suddenly shut down, Primitive Ventures’ Dovey Wan, who cited data from local blockchain analytics teams, cybersecurity firms, and other sources, claimed that the exchange’s EOS hot wallet was hacked.

Wan explained that the account in question sent approximately 3.15 million EOS tokens ($13 million) to the hacker’s account, for subsequent distribution. The crypto was subsequently sent to exchanges like Changelly, ChangeNow, Huobi, and KuCoin presumably to be traded for more privacy-centric digital assets, like Monero (XMR).

Bithumb’s XRP hot wallet was purportedly cleaned too, with the attacker purportedly sending 20,000,000 XRP, worth $6 million, to their personal wallets.

Following Wan’s tweetstorm, Bithumb responded. In an update made on the company blog on Saturday morning, the firm claimed that it spotted an “abnormal withdrawal” from a company wallet, rather than what was assumed to be a hot wallet for consumers’ funds. Bithumb asserted that all “members’ assets are under the protection of a cold wallet.”

It added that the loss of company funds, valued at the aforementioned sum, was a result of an “accident involving insiders,” with Bithumb subsequently stating that it has contacted local authorities and cybersecurity firms. The popular platform mentioned neither “EOS” or “XRP”, but it is presumed that suspicious transactions regarding the latter crypto might just be an untimely coincidence.

Bithumb’s recent debacle comes less than 12 months after it lost $30 million (it recovered $14 million — $1 million of which was in XRP) in an external hack, which resulted in the shuttering of its services for a number of months.

Interestingly, this attack comes after DragonEx, a Singaporean exchange, was hacked for a relatively small sum that primarily consisted of Bitcoin. As reported by Ethereum World News previously, this firm is expected to issue an in-depth breakdown of the debacle in the coming week. In related news, CoinBene, a more popular platform suspected of facilitating false trades, is rumored to have lost cryptocurrencies to a value of $105 million.

News Not A Crypto Catalyst Anymore

While the cryptocurrency market seemingly dipped after Wan’s tweet went crypto-viral, with EOS falling by 2% within a few minutes’ time, the market rapidly recovered. And interestingly, this has become an industry theme over recent months.

Since the collapse from $6,000 to the low-$3,000s, fundamentals have failed to really spark a material movement in Bitcoin-specific markets (altcoins are a different story), even in terms of negative news. When Bakkt was delayed a number of times, for example, the market barely budged, in spite of the project being the most-awaited throughout late-2018. Many look to the fact that by and large, retail traders and whales, who drove the market in 2017, have either capitulated or lost sight of the news cycle, thus leading to non-action off devastating news. In other words, such traders are tone-deaf to the happenings of the underlying market, which could be precieved as either a positive or negative sign.

Title Image Courtesy of Marco Verch Via Flickr

The post Why Didn’t Crypto Markets React To Bithumb’s Loss Of XRP, EOS? appeared first on Ethereum World News.

Posted on

Crypto Exchange Bithumb Reportedly Hacked

According to crypto exchange Bithumb, the exchange detected unusual withdrawal activity.

Today, March 30, crypto exchange Bithumb posted on Twitter that their cryptocurrency withdrawals and deposits have temporarily been paused.

In an explanation linked to the tweet, the exchange writes that at 10:15 (time zone unknown) on the 29th, they detected what they describe as abnormal withdrawals through their monitoring system.

The exchange continues that they have “secured all the cryptocurrency from the detection time with a cold wallet and checked them by blocking deposit and withdrawal service.”

According to the translated note, the incident was an “accident involving insiders” and they are conducting investigations with security companies, the cyber police agency, and KISA.

A tweet from crypto user Dovey Wan wrote that more than 3 million EOS has been transferred at Bithumb’s cold storage level, but this is unconfirmed.

Cointelegraph will update this story as it continues.