Bithumb Hacked Again? – Hackers Reportedly Steal $15 Million in EOS

Bithumb temporarily suspended deposit and withdrawal services on its platform. The South Korean cryptocurrency exchange appears to be the latest victim of another hack with $15 million worth of EOS allegedly stolen by cybercriminals.

Bithumb Admits Suspicious Activity

In a notice published on the company’s website on Saturday (March 30, 2019), Bithumb apologized to its users for inconveniences suffered on account of its decision to temporarily suspend deposit and withdrawals services on the platform.

According to the statement, the move was a precautionary step following the detection of unusual cryptocurrency withdrawals from its cold wallet storage. Bithumb also said that it was collaborating with other platforms to trace and recover the stolen funds.

An excerpt from the statement reads:

Our members’ KRW deposit/withdrawal service is normally available, and we will do our best to secure the stability of the service and to resume as soon as possible. Specific resumption schedule will be announced through a separate announcement.

Another Bithumb Hack?

The Bithumb statement comes almost 24 hours after reports first emerged on Twitter of another Bithumb hack. According to Dovey Wan, suspected hackers gained control of the private key for Bithumb’s EOS account.

The entire timeline as below – h/t @evilcos @chiachih_wu

(SGT time zone)

3/29 9:40AM – Hacker account ifguz3chmamg was created via accountcreat

3/29 9 to 11PM – Bithumb wallet g4ydomrxhege has been transferred out 3,132,672 EOS to the hacker account, total 16 transactions

— Dovey Wan (@DoveyWan) March 30, 2019

The hackers were reportedly able to steal more than 3 million EOS tokens worth about $15 million. Whale Alert, a Twitter handle that tracks large cryptocurrency transactions also reported the same transaction from Bithumb to an unknown wallet.

3,069,400 #EOS (13,449,345 USD) transferred from #BitHumb to Unknown wallet

Tx: https://t.co/192JByOufs

— Whale Alert (@whale_alert) March 29, 2019

Following the alleged theft, the suspected hackers have since moved the funds to other platforms like Huobi, HitBTC, and KuCoin. As at press time, none of the other platforms involved in the matter have released any statement.

Yup, that's definitely the transaction from @whale_alert . So we can absolutely confirm that #Bithumb has known about this for 17 hours and counting without so much as a peep.

Shoutout @DoveyWan for doing @BithumbOfficial 's job for them. pic.twitter.com/CEdJqupudn

— James Edwards (@ProofofResearch) March 30, 2019

Inside Job

If the reports of the attack turn out to be true, it will be the second hack suffered by Bithumb in less than nine months. Back in June 2018, hackers stole $31.5 million but did manage to recover about 45 percent of the stolen funds less than a fortnight later.

A potentially troubling aspect of the story so far is the report that the attack might have been an inside job. Bithumb’s statement even points to this possibility, saying:

As a result of the inspection, it is judged that the incident is an accident involving insiders because the external intrusion path has not been revealed until now. Based on the facts, we are conducting intensive investigations with KISA, Cyber Police Agency, and security companies.

Do you think the alleged was an inside job? Share your thoughts with us in the comments below.

Images courtesy of Twitter (@DoveyWan, @whale_alert, and @ProofofResearch), Shutterstock