South Korean cryptocurrency exchange Bithumb has been hacked, resulting in the loss of roughly 35 billion Korean won (approx $31.5 million) worth of tokens.
The hack appears to have begun at around 11pm KST on Tuesday, and affects tokens including the highly popular Ripple cryptocurrency (XRP), though other affected tokens have not yet been disclosed. The exchange began blocking deposits from 1:30am today.
Attempts to hack the exchange seem to have been going on since before this, however – last weekend, Bithumb conducted an ‘urgent’ security checkup, explaining that this was due to an increase in the number of unauthorised access attempts. The exchange also said that it had begun moving users’ assets to cold wallets.
On its homepage, Bithumb told users to refrain from making deposits for now, and said that both deposits and withdrawal services are being halted. Remaining tokens, the exchange says, are being stored in cold wallets.
“Currently, we are conducting an accident analysis such as hacking path and method with KISA (Korea Internet & Security Agency),” Bithumb stated (translated). “We will do our best to investigate this incident and will do our best to protect customer assets.”
Bithumb has said that it will compensate all losses.
The fact that this theft comes so soon after fellow South Korean cryptocurrency exchange Coinrail was hacked has raised concerns about the security of other exchanges.
“(Coinrail) is a minor player in the market and I can see how such small exchanges with lower standards on security level can be exposed to more risks,” said Kim Jin-Hwa, a representative at Korea Blockchain Industry Association, at the time.
Bithumb, however, ranks as the sixth biggest trading venue in the world, and according to CoinMarketCap, Bithumb has accounted for around 11% of the global trading volume of XRP (second only to Bitbank) since 11pm KST Tuesday, with a volume of nearly $29 million’s worth being exchanged.
This is also not the first time that Bithumb has been hacked – an attack last year resulted in the platform being compromised, with as many as 30,000 users impacted. It’s not yet known how many users have been impacted in this latest breach.
According to CoinDesk Korea and Yonhap, Bithumb’s annual security investment is more than 10 billion won ($9 million) and as of May, 21% of Bithumb’s employees are technology specialists, and 10% of those are responsible for information security. Bithumb has around 300 employees, which puts the size of its security team at approximately six individuals. It has been suggested that given the volume and financial value of the transactions conducted, a larger team may have been more appropriate.
As was seen in the Coinrail hack, the attack on Bithumb appeared – at least initially – to affect the price of Bitcoin, which fell to $6,561.79 (a drop of nearly $200) after the announcement. However, over the course of the day the price has bounced back, and at the time of writing is at $6,738.01.