Bithumb has been hacked for a third time – with speculation that more than $20m has been stolen from the embattled exchange’s hot wallets.
The South Korean exchange confirmed the news in a short statement, which was posted in both Korean and English.
A Bithumb spokesman said the company had uncovered unusual levels of activity from its hot wallets. These are the accounts where crypto is held for users who are trying to complete transactions in real time.
According to crypto insiders, the hacker created a Bithumb account on the morning of March 29. About 12 hours later, it is believed that they stole more than three million EOS – crypto that would have been worth in excess of $13.4m at the time of the cyberattack. In addition, 20 million Ripple (XRP) coins went missing – meaning that the total lost as a result of the hack could stand at $20m.
In the immediate aftermath of the incident, transactions were paused by Bithumb for a short time. The company has stressed that users who store funds in its exchanges have not been affected, with a spokesperson claiming that a wallet belonging to Bithumb was the target.
The breach is bad news for Bithumb, as this is the third cyberattack to take place in two years. Back in the summer of 2017, an estimated $7m worth of Bitcoin and Ethereum were taken. Meanwhile, almost a year later, an eye-watering $31m of XRP was taken.
Already struggling to prove to customers that it is a safe place for storing funds, Bithumb’s reputation is likely to take another knock as a result of the third hack.
Indeed, questions are now being raised about who could have been behind the security breach, whether it could have been prevented, and who the likely culprits were.
The hacker responsible may not have been far from home. As TUNF reported, North Korea has been especially active when it comes to cyberattacks, with a UN report recently estimating that Pyongyang had amassed more than $571m in digital assets through hacking – crimes that have helped the isolated state mitigate the impact of punishing economic sanctions.
Analysis released last October linked Bithumb’s second hack to the Lazarus Group, the codename bestowed upon North Korea’s cyberespionage unit.