Bithumb, the South Korean cryptocurrency exchange, announced it had been hacked on Friday but no user funds were stolen.

They say the third time’s the charm, but one could excuse Bithumb for not being joyous about that particular saying. The South Korean exchange announced it had been the victim of an attack yesterday, noting that almost $20 million in cryptocurrencies was stolen. This marks the third time in two years that the exchange had been hacked.

Bithumb Hit Again

The hack occurred at 10:15 pm local time and targeted the exchange’s hot wallets. While Bithumb did not reveal the scope of the hack, others have tracked down the transactions and estimate $13.4 million in EOS and $6 million in XRP were stolen.

The good news for users of the exchange is that all of the stolen funds belonged to Bithumb. The exchange notes that all of the users’ coins are safely secured in cold wallets.

What is interesting is that Bithumb says that the hack is an “accident involving insiders.” It seems that this was an inside job, but the exchange expects to recover the funds as it is working with other exchanges as well as law enforcement.

Apologies Given

The exchange offered its apologies to its users via a blog post. In it, they state that the hack was their fault as they were focused on outside threats and not a lack of verification of internal staff. They expect to resume deposits and withdrawals as soon as possible.

The full message from Bithumb reads:

Hello. This is Bithumb, the global cryptocurrency exchange. We deeply apologize to our members for delaying the cryptocurrency deposit and withdrawal service, We would like to inform you of the circumstances of the grounds and confirm that your assets are safe. About 10:15 pm on the 29th, we detected abnormal withdrawal of the company’s cryptocurrency through Bithumb’s abnormal trading monitoring system. All the spilled cryptocurrency is owned by company, and all the member’s asset is under the protection of cold wallet. According to the company’s manual, Bithumb secured all the cryptocurrency from the detection time with a cold wallet and checked them by blocking deposit and withdrawal service. As a result of the internal inspection, it is judged that the incident is an “accident involving insiders”. Based on the facts, we are conducting intensive investigations with KISA, Cyber Police Agency and security companies. At the same time, we are working with major exchanges and foundations and expect to recover the loss of the cryptocurrency equivalent. Bithumb exchange is certified ISMS and applied to multi-signature withdrawal scheme. We constantly monitor and block external hacking. However, it was our fault that we only focused on defense of outside attack and lack of verification of internal staff. We will do our best to resume deposit and withdrawal as soon as possible to secure the service’s stability. Specific resumption schedule will be announced through separate announcement. Also we promise that we will open our progress clearly with social responsibility as a global leader company. We deeply apologies again. This won’t be happened again as we develop the internal workforce verification system. We will do our best to protect our member’s assets. Thank you.

Hopefully, the exchange will not be hit a fourth time over the next year. Bithumb was first hacked in July 2017 to the tune of $7 million (in Bitcoin and Ethereum) and was hacked again in June 2018 for $31 million in Ripple (XRP).

Did you expect a hack to come from internal staff? Let us know in the comments below.

Images courtesy of Deposit Photos, Pixabay, and Shutterstock.