Crypto Exchange Bithumb Hacked for $13 Million in Suspected Insider Job
South Korean crypto exchange Bithumb has had around $13 million in the EOS cryptocurrency stolen in a hack it suspects was an insider job.
The company confirmed in a statement on Saturday that it first spotted an “abnormal withdrawal” of the cryptocurrency through its monitoring system at 22:00 Korean time (13:00 UTC) on Friday, March 29.
The exchange suspended asset withdrawals and deposits on the platform after noticing the breach.
“All the [stolen] cryptocurrency is owned by the company, and all members’ assets are under the protection of a cold wallet.”
According to a report from CoinDesk Korea, the exchange was hacked for a total of 3.07 million EOS, which was withdrawn from the exchange’s “hot” (internet connected) wallet through a series of transactions.
Based on the data from CoinMarketCap, EOS is currently trading at $4.22, making the total value of the coins lost around $13 million.
The company said in its statement that it suspects the hack was conducted by an insider, since no evidence of an external exploit has been found.
Bithumb has already notified government agencies and is conducting an internal investigation. It said it’s also working with major exchanges with the expectation of recovering some of the funds.
Additionally, the remaining assets in Bithumb’s hot wallet have been moved to its cold (offline) wallet to prevent further losses until the manner of the breach has been identified and any vulnerabilities fixed.
According to CoinDesk Korea, Lee Sang Sun, described as one of the only EOS arbitrators in South Korea, said, “Overseas exchanges such as Bitfinex manage their EOS wallets with a multisig system, but Bithumb managed its with a single key.” However, this detail is not confirmed at press time.
The news comes nearly a year after Bithumb was hacked for some $30 million worth of cryptocurrencies. The exchange experienced an initial loss of 2,016 bitcoin, 2,219 ether and other coins, but later claimed to have retrieved $14 million worth of the hacked funds.