Cryptocurrency exchange Bithumb has lost around $19 million in a hack suspected to be an insider job, marking the second major hack the exchange has experienced in under a year.
The company announced the news on its website on March 30, explaining that it spotted “abnormal withdrawals” of cryptocurrency at 22:15 Korean time through their monitoring system. Deposits and withdrawals were promptly suspended after the breach was noticed, with the exchange explaining the reason for its actions on Twitter:
According to crypto news outlet The Block Crypto, around 3 million EOS (worth close to $13 million), and around 20 million Ripple (worth about $6.2 million) were lost in the hack. The funds were withdrawn from the exchange’s “hot” wallet through a series of transactions. Bithumb also explained that the stolen funds were “owned by the company”, and that “all members’ assets are under the protection of a cold wallet.”
After an internal inspection, the exchange judged that the hack was an “accident involving insiders”, and is now conducting an investigation with the help of Korea Internet & Security Agency (KISA), Cyber Police Agency, and security companies. It is also working with other major exchanges in the hopes of recovering a portion of the lost funds.
According to their blog post, cryptocurrency exchange ChangeNow disabled all EOS and XRP deposits, and blacklisted all malicious addresses received from Bithumb, after receiving a message from the exchange. ChangeNow was able to retain about $500,000 worth of EOS, which is kept in a cold wallet as requested from law enforcement.
This incident marks the second hack Bithumb has experienced in under a year, with the first one costing the exchange nearly $31 million. In June of last year the exchange lost 2,016 Bitcoin (BTC), 2,218 Ethereum (ETH) and various other cryptocurrencies, but later was able to recover $14 million-worth of the stolen funds.