Last March, cryptocurrency exchange Bithumb reportedly lost as much as $18 million following a hack.
Hasn’t Bithumb Been Through This Before?
The company, which is based in South Korea, claimed it was an inside job. It later announced that all the stolen funds came directly from its own holdings and not from customers. It said that all these stolen funds had been frozen so that the hackers could not sell them on other exchanges.
However, several weeks later, many customers are saying that they still cannot access their funds, and that withdrawals and deposits are still disabled while the company further examines the circumstances of the hack.
Bithumb said that it noticed massive withdrawals taking place on March 29. It decided to move all its remaining funds into cold storage and informed all its clients of the incident. Following an “internal inspection,” Bithumb later explained that the hack had occurred through “insiders.”
The exchange’s statement reads:
We are working with major exchanges and foundations and expect to recover the loss of the cryptocurrency equivalent. Also, we promise that we will open our progress clearly with social responsibility as a global leader company.
The biggest complaint here has to do with Bithumb’s lack of security protocols. How, after all this time, could any exchange utilize primarily hot wallet storage for its assets? Bithumb stated that it didn’t have any of its assets in cold storage and only moved them there following the questionable withdrawals.
The company also admitted that it had focused primarily on outside attacks and never verified its staff members. It has since been confirmed that the stolen money consisted primarily of $12.5 million in EOS funds, while another $6.2 million in XRP (Ripple’s official cryptocurrency) was also taken.
Adding insult to injury is the fact that Bithumb was previously hacked in June 2018, less than a year ago. It spent weeks working to recover the lost funds, of which 45 percent were ultimately reclaimed.
Continuing its statement, Bithumb announced:
We have stated that we will conduct fair and objective due diligence on all assets that we have through a reliable external audit… We are pleased to inform you that our members’ valuable assets are managed and maintained in a systematic / safe manner through the attached due diligence report.
Why Didn’t Bithumb Take Stronger Precautions?
Despite this, customers are still unable to withdraw their funds, and the option to do so remains fully disabled. Representatives also say they are now working with police authorities, the Korean Internet and Security Agency (KISA) and “unspecified security companies” to get a better idea of what might have occurred.
Interestingly, Bithumb was one of only seven cryptocurrency exchanges in South Korea this year to pass an official security audit.