The cryptocurrency exchange Bithumb based out of South Korea has announced that 35 billion Korean Won or $30 million worth of cryptocurrencies have been stolen. The exchange is asking all customers to not deposit any funds into Bithumb wallets “for the time being”. The exchange promises that all assets will be covered by Bithumb and that account holders will not experience any personal losses. Crypto markets have taken a hit in prices in response to the news. Bithumb has not specified which assets were stolen.
Korean Exchanges a Prime Target
The announcement from Bithumb comes as little surprise as exchange after exchange has been hit with repeated successful hacking attacks. For some reason, South Korean exchanges have been a popular target for hackers, with recent hack’s also successfully targeting exchanges like Coinrail which lost $40 million, Coinlink whose attack was linked to North Korea, and now Bithumb.
Each time a South Korean exchange is hacked, many in the media will quickly jump to assume that North Korea is the culprit. While some hacking attempts may support this, such as the attack on Coinlink, we do not have any information yet as to whether or not this particular attack was perpetrated by North Korean agents.
2018 a Costly Year
While every year in recent memory has had its cryptocurrency exchange hacks, 2018 seems to be a particularly profitable one for criminals. It seems that not more than a few weeks goes by before a new successful hack is discovered. According to Business Insider, by April of this year, over $670 million had been stolen through a combination of scams and hacks.
In addition to directly targeting the wallets of exchanges, a number of other types of attacks have also been growing.
For example, Binance was recently the victim of a phishing attack that made use of a web address made out of look-alike characters. Those phished accounts were then taken over by an automated system which sold all of their cryptocurrencies for Bitcoin, and then used that Bitcoin to purchase a little-known altcoin, Viacoin. The attack was largely a failure though, as the perpetrators ended up with nothing.
2018 also saw an attack on MyEtherWallet where DNS servers were tricked into forwarding would be MEW visitors to a phishing site.
No Customer Losses?
Bithumb urgently ask our valuable customers not to deposit any fund into Bithumb wallet addresses for the time being.
— Bithumb (@BithumbOfficial) June 20, 2018
In most cryptocurrency hacking scandals, the losses of the exchange are often passed on to account holders. For instance, in previous attacks, account holders at Bitfinex have had a percentage of all of their assets taken by the exchange in an attempt to spread out the damage.
While to some this may seem understandable, for those whose assets were unaffected, the loss may have unfairly targeted their holdings.
The Tweet promising compensation to users was later deleted, to which the official account commented:
Lessons still Unlearned
One important takeaway that comes from this revelation is that for whatever reason, exchanges are still getting hacked, and people still aren’t getting the message. First, exchanges should obviously take more precautions with their security measures. Otherwise, these losses will continue and could begin to take a toll on cryptocurrency as a whole as billions of dollars keep disappearing.
The second lesson the needs to be learned the hard way apparently is that people should not keep cryptocurrencies stored on an exchange. Exchanges are not wallets. They are not designed to facilitate the storage of crypto assets. Instead, cryptocurrency users need to remember to keep their assets safe and under their own control.
As famed Bitcoin commentator and author of Mastering Bitcoin, Andreas Antonopoulos often says, “Not your keys, not your coins.”
Perhaps 2018 or 2019 will be the year of the decentralized exchange. Because it seems the centralized exchanges just can’t get a grip on their security concerns.