South Korean bitcoin exchange hacked, user accounts plundered
Bithumb, a South Korean bitcoin and ether exchange, has suffered a data breach that resulted in customer losses potentially reaching billions of South Korean won (currently, a billion won is equivalent to some 870,000 US dollars).
The breach
According to Brave New Coin, Bithumb discovered the breach on June 29 and reported it the day after to the authorities: the Korea Communications Commission, the Korea Internet & Security Agency, and the Supreme Prosecutors’ Office.
The exchange claims that the breach was limited to an employee’s PC, from which the attackers apparently exfiltrated names, phone numbers, and email addresses of some 31,800 Bithumb website users.
The attackers did not have direct access to the funds stored on the exchange, but used the stolen information to phish the victims via phone.
They called up the victims, posed as a representative of the exchange, convinced them something was wrong with one of their transactions, and asked the victims to share their password. They then used it to access their accounts, and syphon the money out of them.
Around one hundred customers were reportedly hit, and some lost millions of won.
South Korea has no virtual currency regulation
The exchange said that they would offer users whose information was stolen up to 100,000 won (around $870) in compensation, and would reimburse victims once their losses are confirmed.
Sounds more than fair, especially because South Korea currently does not have have laws regulating digital currencies or the responsibilities of digital currency exchanges.
Representative Park Yong-jin of the ruling Democratic Party of Korea is currently working on a bill that should plug that legislative hole.
According to Business Korea, the bill will require virtual currency exchanges, brokerages and storage companies to receive a permit from the Financial Supervisory Commission. In order to do that they will have to have a capital of over 500 million won ($450,000), and have the professional personnel and computer equipment for protecting users.
“Currently, domestic virtual money traders Bithumb, Korbit, CoinOne, and Coinplug were established without any license from financial authorities. They receive about 6.5 billion won (US$5.8 million) a day by 0.5% of transaction money as a commission,” lawmaker Park noted.
The proposed amendments are still not a sure thing – the Financial Supervisory Commission has first decided to set up a task force team that will study overseas cases and determine whether or not virtual currency regulations are actually needed.