
EOS DApps Lose Almost $1 Million to Hackers Over the Last Five Months

Decentralized apps on the EOS blockchain have reportedly seen 27 hacks from July till late November, losing up to 400,000 EOS.

Decentralized apps (DApps) based on the EOS blockchain have lost up to $1 million to hacks since July, Chinese crypto media Blockchain Truth reports Tuesday, Dec. 4.

The report cites data by PeckShield, a blockchain security company that monitors different ecosystems. According to the report, the DApps on EOS have seen 27 breaches from July to late November, losing up to 400,000 EOS, or 8 million yuan. As of press time, the amount hacked was worth $800,000 according to the EOS price chart on CoinMarketCap.

Nonetheless, Guo Yonggang, an expert cited by Blockchain Truth, believes that most of the attacks on EOS DApps correlate with their vulnerabilities rather than with a bug in EOS itself. Yonggang also tends to think that similar attacks will become more frequent, as hackers are intensively seeking exposures in applications.

Moreover, the report states that the EOS blockchain has a significant amount of dormant accounts — around 200,000 of 500,000 in total. In addition, nearly 120,000 accounts are reportedly managed by groups, which means that real, active users account for 37 percent of the EOS blockchain.

As of press time, EOS’s price hovered around $2. Its total market capitalization is up to around $1.8 billion, which makes EOS the seventh largest cryptocurrency by market cap.

Last week, United States-based cryptocurrency exchange Coinbase announced it was exploring the option to list over 30 more cryptocurrencies, including major players such as Ripple (XRP), EOS and Cardano (ADA). However, the exchange noted it would likely be a long-term process, and some assets might not be available in several countries.

As Cointelegraph reported in early December, the month has started with yet another debate around the EOS ecosystem, as Starteos — one of the officially sanctioned nodes which can approve EOS transactions — appeared to publicly offer its token holders financial rewards in return for their votes.

EOS had previously come under criticism for a lack of decentralization after some confirmed transactions allegedly from a phished account were reversed this fall.


Bittrex to Delist Bitcoin Gold by Mid-September, Following $18 Million Hack of BTG in May

Crypto exchange Bittrex will delist Bitcoin Gold (BTG), a hard fork of Bitcoin (BTC), by September 14 following an $18 million hack of the BTG network in May, The Next Web reported September 3.

Founded in 2007, the hard fork cryptocurrency Bitcoin Gold has suffered a “double-spending” hacking attack that reportedly allowed the unknown hijackers to take control of more than 51 percent of the BTG hashrate. The attack, which reportedly started on May 18, 2018, has managed to amass more than $18 million in Bitcoin Gold from various exchanges, including Bittrex.

Following the hack, the Bitcoin Gold team explained that the attacker was deploying the combination of a 51 percent and double-spend attack in order to defraud crypto exchanges. They noted that the hacker was targeting exchanges since they “accept large deposits automatically, allow the user to trade into a different coin quickly, and then withdraw automatically.”

Specifically, the attacker was making large BTG deposits on exchanges, at the same time sending the same funds to his own crypto wallet. By the time the exchanges realized that the transaction was invalid, the hacker had already withdrawn funds from the exchange and doubled his original funds.

According to the recent report, Bittrex has not specified the losses the cryptocurrency exchange has suffered as a result of the BTG attack. However, the major crypto exchange has reportedly requested more than 12,000 BTG (worth around $255,000) as compensation from Bitcoin Gold.

While Bittrex has blamed BTG’s Proof-of-Work (PoW) consensus as a factor that led to the double-spending attack, Bitcoin Gold claimed that their team “is not responsible for security policy within private entities like Bittrex,” adding that the exchanges “must manage the related risks and are ultimately responsible for their own security.” With that, BTG developers acknowledged the risks taken by their own blockchain, subsequently posting an upcoming hard fork upgrade plan.

The $18 million hack is not the first successful attack associated with the Bitcoin Gold cryptocurrency. In late 2017, a fake BTG wallet stole private keys worth $3.3 million in crypto.

At press time, Bitcoin Gold’s market share amounts to $373 million, and the coin is trading at around $21.70 and ranked 30th by market cap, according to CoinMarketCap data.

As for Bittrex, the crypto exchange has recently become one of the entrants to the “Virtual Commodity Association Working Group” — the self-regulatory association for digital commodities like cryptocurrencies. The organization is planning to develop industry standards and to “be a precursor to the formation” of self-regulatory activity for cryptocurrencies.


AT&T Sued for $224 Million After Phone Hackers Rob Crypto Investor

Cryptocurrency investor Michael Terpin has sued the telecom giant AT&T, alleging that the company failed to protect his cell phone from a hacking incident that ultimately cost him $24 million.

In a lawsuit filed by Los Angeles litigation firm Greenberg Glusker on August 15, Terpin claimed that AT&T’s employees have been complicit in a SIM swap fraud. In this type of scam, criminals pose as the owners of their victims’ mobile phone numbers, convincing telecom providers to grant them access to their phones.

This allows them to access the victim’s accounts at various services, including cryptocurrency wallets.

The lawsuit claims that Terpin’s account has been hacked twice in seven months, saying “most troubling, AT&T has not improved its protections even though it knows from numerous incidents that some of its employees actively cooperate with hackers in SIM swap frauds by giving hackers direct access to customer information and by overriding AT&T’s security procedures.”

Terpin is seeking $24 million in compensatory damages and a further $200 million in punitive damages, according to the suit.

The lawsuit also claims that security issues are nothing new to AT&T, which has already been accused of failing to protect its clients.

“In recent incidents, law enforcement has even confirmed that AT&T employees profited from working directly with cyber terrorists and thieves in SIM swap frauds,” the plaintiff contended.

In a statement, Terpin said that “mainstream adoption of cryptocurrency cannot take place as long as phone company employees are handing over critical unauthorized access to the heart of everyone’s digital lives.”

When reached for comment, AT&T director for corporate communications Jim Greer told CoinDesk that “we dispute these allegations and look forward to presenting our case in court.”

He declined to elaborate on the company’s objections to the allegations.


The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.


Investor Files Lawsuit Against AT&T Over Hack That Allegedly Lost Him $24 Mln in Crypto

A U.S. investor has filed a $224 million lawsuit against telecoms giant AT&T over alleged negligence that he claims caused him to lose $24 million in crypto, CNBC reports August 15.

Plaintiff Michael Terpin has reportedly filed a 69-page complaint with the U.S. District Court in Los Angeles against his erstwhile telecoms provider, alleging that $24 million in cryptocurrency was stolen via a “digital identity theft” of his cell phone account.

Saying he was the victim of two hacks within seven months, the investor accuses AT&T of “willing cooperation with the hacker, gross negligence, violation of its statutory duties, and failure to adhere to its commitments in its Privacy Policy.”

After the first hack, Terpin claims that “insider cooperati[on] with the hacker” enabled an imposter to acquire his cellphone number without being required to show valid identification or a password. That phone number later allegedly facilitated the hacker’s access to Terpin’s crypto holdings, CNBC reports.

“What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner,” the complaint continues.

Terpin is said to be seeking $200 million in punitive damages and $24 million in compensation from AT&T.

The plaintiff is reportedly the co-founder of an angel group for Bitcoin (BTC) investors dubbed BitAngels in 2013 and of a digital currency fund, the BitAngels DApps Fund.

More commonly, crypto-related lawsuits have been filed against cryptocurrency exchanges and their alleged mishandling of security breaches. Since the unprecedented theft of over $500 million in NEM tokens from hacked Japanese exchange Coincheck this January, numerous class action lawsuits have been filed by investors suing the exchange over its decision to freeze withdrawals in the hack’s aftermath.


ICO Platform Promises Full Refund Following $7 Million Hack

Initial coin offering support platform KickICO lost $7.7 million in KICK tokens in a hack on Thursday, the company reported.

CEO Anti Danilevski wrote in a blog post that the startup’s team discovered some 70 million KICK tokens missing from its wallet after the KickCoin smart contract owner’s private key was compromised. Several users’ wallets were emptied as part of the hack, though the startup committed to returning tokens to all holders.

Danilevski said the firm first learned of the breach when users complained they could not find tokens worth around $800,000 in their wallets.

The hackers allegedly destroyed tokens on 40 different wallet addresses and generated tokens on 40 different addresses to evade detection from KickICO’s team, he said. This was possible through the way the KickCoin smart contract is integrated with the Bancor network.

KickICO has restored control over the smart contract and intends to return all lost tokens to users, he said.

The platform, which launched in mid-2017, raised 5,000 ETH in a pre-ICO funding round, and now hopes to raise a further 100,000 ETH during its token sale. To that end, the project has partnered with Bancor, as well as blockchain startups Pacatum, Coinhills and Qoin.


Bithumb Claims to Have Retrieved $14 Million in Hacked Cryptos

South Korean cryptocurrency exchange Bithumb says it has almost halved the losses arising from a recent hack.

As previously reported by CoinDesk, Bithumb, one of the largest crypto exchanges in South Korea and the world by trading volume, was hacked on June 20 – an event that saw 35 billion Korean won ($31 million) in various cryptocurrencies stolen.

The company published a progress update on Thursday, claiming that it has now reduced that damage to 19 billion won ($17 million) after collaborating with worldwide exchanges to retrieve some of the funds, as well as to try and prevent further losses.

In today’s update, Bithumb also disclosed for the first time that 11 crypto assets were stolen during the breach. Notably, bitcoin accounted for the largest loss, with 2,016 BTC taken – an amount worth $12 million at press time.

Other major cryptocurrency losses include 2,219 ether, 692 bitcoin cash and 5.2 million XRP, worth around $950,000, $487,000 and $2.4 million, respectively, based on the latest price data from CoinDesk. The remainder comprised lesser-known cryptocurrencies, including significant amounts of aelf, golem and kyber network tokens.

The exchange further explained that the incident is still not yet fully concluded and, as such, it will continue its suspension of asset deposits and withdrawals on the platform. So far, Bithumb has not disclosed an expected timeline for the resumption of a full service.

Following the last week’s heist, 24-hour trading volume on Bithumb has dropped significantly – from $400 million at the time to $124 million currently – data from CoinMarketCap shows.


Bithumb Working With Other Crypto Exchanges to Recover Hacked Funds

South Korea’s Bithumb cryptocurrency exchange said Thursday that it may be able to reduce the financial damage arising from a multi-million dollar hack earlier this week.

In an update on its website, the firm said that although it has reported losses equivalent to $31.5 million to the Korea Internet & Security Agency (KISA), it may ultimately be able to lower that figure.

The exchange stated:

“We have announced about 35 billion Korean won of damages … Bithumb is reducing the amount of damage through ongoing damage recovery, future figures are expected to be lower.”

It explained that it was working with cryptocurrency exchanges and others to prevent further losses and retrieve the funds.

Further adding that the exchange keeps company and customer funds separately, the update said: “The company believes that you can use Bithumb safely.”

News of the hack broke Wednesday after Bithumb confirmed that attackers had managed to access its systems and steal the millions in cryptocurrency. So far the firm has provided no details on how the attack was carried out or which cryptos were taken and in what amounts, although XRP is believed to have been targeted.

The company did reassure customers that the remaining assets had been moved to offline cold wallets as a security measure and that it has halted all deposits and withdrawals for the time being.

In what is likely welcome news for customers, Bithumb has also stated that it would cover the losses arising from the breach from its own reserves.

In a press release issued today, the Korea Blockchain Association, a self-regulatory group comprised of exchanges and blockchain startups, called the hack “embarrassing,” but added that exchanges taking on hacking losses is “a good way to protect our users.”

The association continued to say: “We will continue to establish standards for user protection such as security, standard conditions and dispute settlement procedures that cryptocurrency exchanges should have.”

According to an article from CoinDesk Korea, also published today, the agencies that are helping investigate the breach include the Korea Communications Commission, KISA and the country’s police agency.

Note: Statements in this article have been translated from Korean.


Bithumb Exchange's $31 Million Hack: What We Know (And Don't Know)

On Wednesday, roughly 35 billion Korean won (around $31 million) in cryptocurrency was stolen by hackers from the South Korea-based exchange Bithumb.

Although the breach may not be as significant as the $530 million hack of the Coincheck exchange earlier this year, the fact that Bithumb now ranks as the sixth biggest trading venue in the world still marks it as a notable, and worrying, incident.

While more details about the heist have surfaced in the hours following the event’s confirmation, providing a glimpse into Bithumb’s internal operations, some important questions about the hack still remain unanswered.

Here’s what we know about the hack so far, and some details we still don’t.

What we know

XRP reportedly compromised

While Bithumb has not yet disclosed details of the stolen coins bar their dollar amount, news emerged following the hack that XRP, the native token of the Ripple protocol, may have been targeted, according to reports from CoinDesk Korea and news agency Yonhap.

Based on data from CoinMarketCap, Bithumb accounted for 10 percent of the global trading volume of XRP over the last 24 hours, with a total of $32 million-worth changing hands.

Bithumb has so far not responded to CoinDesk’s request for comment.

IT improvement failed

While Bithumb officially confirmed the breach early Wednesday morning local time, it appears that security issues were already drawing attention from the exchange at least several days ago.

According to a follow-up report from CoinDesk Korea, Bithumb conducted a security enhancement checkup on June 16, just days before the confirmed hack.

The exchange explained at the time:

“Recently the number of unauthorized access attempts has increased. As such, an urgent server checkup was conducted to strengthen the security of all system.”

At the same time, Bithumb also started moving users’ assets to a cold wallet to store cryptocurrencies in a more secure offline environment.

The CoinDesk Korea report indicated that the hack comes at a time when Bithumb is spending 10 billion won, or around $9 million, annually on security measures. Another report from Yonhap further suggests that Bithumb beefed up its security measures by implementing so-called “5.5.7 regulations” last month.

Under this requirement, at least five percent of a financial institution’s staff should be IT specialists. Among those, five percent should focus on information security, while at least seven percent of the firm’s total budget should be on information security.

The report from Yonhap stated that 21 percent of Bithumb’s employees are technology specialists as of May, and 10 percent of those are responsible for information security. Further, about eight percent of the annual spending budget is used for data protection activities.

Although Bithumb appears to have fulfilled the 5.5.7 requirements, the report said the fact that it has 300 employees means it may not be able to cope with the increasing amount of trading volume and user numbers on its platform.

Government weighs in

An hour before Bithumb confirmed the hack on its website and official Twitter account, the exchange reported the case to the Korea Internet & Security Agency (KISA), a government organization that supervises internet and cybersecurity issues in the country.

An official from KISA said a dedicated analysis team is currently in the process of investigating the hack. As of press time, the agency has not yet disclosed any details from its investigation.

Bithumb to refund users

Immediately after announcing the hack, Bithumb confirmed it will pay back victims using its own reserves.

Industry experts later weighed in, including bitcoin pioneer Charlie Shrem, who praised the move despite the unwelcome incident.

“Bithumb hacked for $30 million but covering all losses. Our industry is getting better and stronger,” he tweeted.

In addition, litecoin creator Charlie Lee also commented that he believes the smart move is to “keep on exchange coins that you are actively trading. It’s best to withdraw right after trading.”

This is not the first time that Bithumb was reportedly hacked. As previously reported by CoinDesk, the platform was compromised last year with as many as 30,000 users impacted. At that time, Bithumb later announced that it would repay each victim with 100,000 Korean won each, an amount worth about $85.

Bitcoin price dips by $200

According to data from CoinDesk, the price of bitcoin dropped by nearly $200 to a daily low so far of $6,561 an hour after Bithumb initially published the statement. As of press time, the price had bounced back to $6,640.

In addition, as Bithumb has so far only suspended asset deposits and withdrawals, trading activity on the exchange actually appears to be increasing since the news broke. Based on data from CoinMarketCap, 24-hour trading volume was initially seen at around $350 million at the time of the news and later climbed to $380 million around noon local time on Wednesday.

As of press time, Bithumb still remains the sixth largest platform globally.

What we don’t know

Extent of the breach

Aside from reports saying that XRP is one of the assets that was stolen in the hack, it’s still unclear at the moment what other assets have been lost and in what quantities. In addition, it’s also not clear how many Bithumb users have been impacted.

In its announcement, Bithumb refrained from disclosing these details, adding that it may disclose the hacked tokens today. It has not made any statement on that at press time.

Further, it’s not publicly known at this time which wallet addresses the hacked cryptocurrencies have been sent to, or whether any have been liquidated or not.

Currently, there are over 37 cryptocurrency assets on Bithumb that are available for trading against the Korean won. Among them, EOS and TRON together account for over half of the total trading volume on Bithumb, at 31 and 22 percent, respectively.

Cause of the breach

At this stage, Bithumb has not officially announced what exactly allowed the hackers to access its system, nor has it provided an estimated timeline for when asset deposits and withdrawals will resume.

Currently, the cybersecurity division of South Korea’s National Police Agency has sent seven investigators to Bithumb’s office in Seoul to conduct interviews and inspect servers, according to a report from Yonhap.

However, the news agency cited anonymous industry sources as saying that malicious emails had been sent to Bithumb users earlier this month. This possibly led to the hack, as hackers would be able to obtain account information if users clicked on links inside the phishing email.

It remains to be seen whether more details on the cause will be forthcoming as the investigations by the firm and the authorities continue.

Regulatory situation

Bithumb’s hack marks the second cyber incident in the crypto industry in South Korea in recent days, and its second in less than a year. Less than two weeks ago, a breach at Coinrail is thought to have seen $40 million-worth of cryptocurrencies stolen. Last year, meanwhile, a hack of the Youbit exchange notably led to the exchange filing for bankruptcy.

Apart from requiring domestic exchanges to enforce a real-name verification process, financial watchdogs in South Korea have not yet made any concrete move in regards to regulating exchanges in a legal framework.

It remains to be seen whether the Financial Services Commission will take a similar stance to its counterpart in the neighboring Japan.

Following the notable hack of Mt. Gox in 2014, which was the largest cryptocurrency exchange at the time, regulators in Japan moved to launch a legal framework in 2017 that would allow the authorities to issue licenses to qualifying exchanges.


Crypto Exchange Bithumb Halts Withdrawals Amid $31 Million Hack

Bithumb, one of the largest cryptocurrency exchanges in South Korea by trading volume, is halting asset deposit and withdrawal services after hackers stole 35 billion won (or $31 million) from the platform.

The company said in an announcement today that the hack happened between late Tuesday night and early Wednesday morning Korean time. Though Bithumb has yet to disclose which cryptocurrencies were affected or in what amounts, it said in the announcement that the loss will be covered by the platform.

Meanwhile, the company said other assets have been moved to a cold wallet that stores cryptocurrencies in an offline environment that is not accessible through the internet. As such, Bithumb said investors should “immediately discontinue depositing cryptocurrencies until further notice.”

The exchange has not responded to CoinDesk’s request for comment.

As of press time, Bithumb is seeing over $300 million 24-hour trading volume on its platform, making it currently the sixth largest exchange in the world, data from CoinMarketCap shows.

The hack marks the second incident in less than two weeks in South Korea. As previously reported by CoinDesk, Coinrail, a smaller cryptocurrency exchange in the country also reported that it was hacked on June 10.

Though the platform did not disclose the amount of the damage, other sources suggested at the time that $40 million worth of cryptocurrencies could be at risk.

CoinDesk will continue monitoring the evolving situation.
