Months after the Cryptopia debacle and mere days after the DragonEx imbroglio, reports and blockchain data suggest that Bithumb, South Korea’s largest crypto exchange has been hacked (yet again) for a large amount of EOS and potentially XRP.
The last time the Korean exchange was attacked, it lost approximately $30 million ($14 million of which was later recovered) and was mandated to shutter its deposit and withdrawal services for months.
Bithumb Hacked Again, This Time For $10 Million+ Of Crypto
According to Primitive Ventures’ Dovey Wan, who cites data from local blockchain analytics teams, cybersecurity firms, and other sources, Bithumb’s EOS wallet was hacked on Friday, resulting in three million EOS tokens being spirited away. This sum of crypto, for those who are wondering, is currently valued at $12.5 million as of the time of writing.
Bithumb is being hacked, at its EOS cold storage level!!! Over 3million EOS has been transferred out
Detail to be reported, confirmed by security firm who’s auditing for Bithumb
— Dovey Wan (@DoveyWan) March 30, 2019
From a preliminary look at the wallet affected, it seems as though this was Bithumb’s hot wallet rather than its cold storage system, which was subject to immense scrutiny during the platform’s last security mishap.
The reason why analysts are suggesting this is a hack is due to the distribution of the three million EOS, which was sent to exchanges such as EXMO, Huobi, Changelly, KuCoin, and CoinSwitch. Interestingly, however, there remains 63% of the hacked funds in the attacker’s purported wallet.
Per CoinDesk Korea, who has seemingly confirmed the report, Rohan from EOSauthority seems to be sure that Bithumb’s private key pertaining to the aforementioned wallet was stolen. Bithumb has purportedly since contacted fellow trading platforms, authorities, and higher-ups in the EOS ecosystem, as it looks to mitigate the effects on the broader crypto industry.
Since the suspicious transaction, Bithumb has shuttered its deposits and withdrawals portal, citing a need to “provide more stable service.” The announcement of this happening did not mention the word “hack” or “EOS” specifically, however, but many argue that the timelines of the hack and sudden period of maintenance do match up.
In order to provide more stable service, proceed with a temporary check on the cryptocurrency deposit and withdrawal service.
For more details >> https://t.co/eF0tWnolvF
— Bithumb (@BithumbOfficial) March 29, 2019
Will EOS Block Producers Take Action?
While for most other cryptocurrencies, especially Bitcoin, these purported hacked transactions would be irreversible, for EOS, amending this situation may be possible. For those who missed the memo, EOS’s Block Producers (BP), who are the equivalent of Bitcoin’s miners, have the ability to reverse transactions and freeze accounts in drastic situations.
Nine months ago, BP EOS42 claimed that it had frozen seven accounts. Months later, users reported on Reddit that an arbitrator of the crypto platform was purportedly able to reverse a transaction that happened without the owner of an account’s explicit permission. It isn’t clear if there is an entity in the ecosystem right now that has the same capabilities.
Even if there is a BP or similar crypto stakeholder that could freeze the hacker in his/her/their tracks, some claim it is too late.
Wan writes that Bithumb’s EOS funds have already deposited the tokens on non-custodial, KYC-free exchanges, like ChangeNow and Changelly, likely for a privacy-centric asset like Monero (XMR).
3. EOS won’t be able to freeze this time, or it’s now too late
4. Hacker has been disposing the stolen EOS via ChangeNow, a non-custodial crypto swap platform dose not require KYC/account
5. Bithumb is the only top Korean ex operator without a commercial banking partnership pic.twitter.com/SM9Wes0BI6
— Dovey Wan (@DoveyWan) March 30, 2019