Personal details on 30,000 people have been stolen from South Korea-based crypto-currency exchange Bithumb, leading to the theft of funds from their Bitcoin and Ethereum accounts.
The company, one of the largest exchanges for virtual currencies in the world, said the data theft happened after an employee's PC was hacked. From there, the hackers used the information to text and call users to con them out of their authentication codes, which were then used to steal funds from the accounts.
According to reports, the Korea Internet and Security Agency has launched an investigation into the incident, which happened in February. Bithumb said it would compensate victims, though the company didn’t say exactly how much it would reimburse. The losses have totaled more than $1 million.
According to Ben Hertzberg, research group manager at Imperva, attackers can make plenty of money from attacking crypto-exchanges due to a variety of factors: the anonymity of cryptocurrencies, which gives them the ability to “get rid” of the stolen goods with limited risk, and the opportunity to speculate on market prices (especially in specific exchanges or markets) and cause dramatic changes.
“The last few weeks have been dramatic for cryptocurrency and its traders, when the market volatility gave opportunity to both honest investors and criminals alike,” said Hertzberg. “This is due to the surges in demand for Bitcoin (bringing it to over $2,700, which has now stabilized over the last couple of days at around $2,500) and other cryptocurrencies like Ethereum which spiked from almost zero to $400 in a very short while, now at around $270.”
The PC that was hacked was located in the employee’s home.
“The fact that access appears to have been initiated by initially compromising an employee’s personal PC is a very worrying development—highlighting huge failings on so many levels, from an employee education and training standpoint, all the way to administrative and technical controls, to monitoring and enforcement,” said David Kennerley, director of threat research at Webroot, via email.
“Such cases emphasize the need for businesses to have clearly defined security policies and procedures round the use of personal devices for work purposes and the re-use of passwords—employees should not be using their work passwords for personal use,” said Kennerley. “While businesses should consider investing in technical security layers, from threat intelligence solutions, to two factor authentication—which would surely have helped in this case. Understanding why this hack is only coming to light now will be one of the first questions customers will wish to have answered very quickly—as this breach is reported to have occurred in February of this year.”