South Korean Cryptocurrency Exchange Bithumb Hacked

Bithumb, notable for being one of the largest cryptocurrency exchanges in the world, was severely compromised on June 29. The South Korean-based platform is also known as a leading exchange for ether, the currency of Ethereum (which in itself is immensely popular in the country). Local media reported that an employee of the company was hacked, and the personal information of upwards of 31,000 customers was stolen, including cellphone numbers and email. The company sent a notification on June 30 informing their users of the data theft.

Reports say that the scammers actually contacted individual Bithumb users and used voice phishing to gain access to their funds. Although there is no official tally, South Korean users are independently reporting massive losses on online forums. Bithumb has already posted that it plans to partially compensate users, promising to give up to 100,000 won per person.

Currently the incident is being investigated by the Korea Internet and Security Agency (KISA) as well as the cyber investigation divisions of the police department and prosecutor’s office.

This is the second Ethereum-related hack to happen recently. We previously posted about Classic Ether Wallet, a service for Classic Ethereum (ETC) users, which was also compromised within the same week, through social engineering.

Best practices: Protecting online and cryptocurrency accounts

With the rising number of cryptocurrency hacking incidents, users should be proactive about protecting their funds as well as any online accounts. Enterprises should also be wary about data storage, and implement proper security policies for employee devices:

Enable 2FA on all your online accounts.

Try to be familiar with social engineering tactics. For offline scams done though calls, always compare the communication received with typical behavior, past experiences and industry standards before giving away valuable information or access.

For online social engineering scams, which are most commonly received through email, there are many ways to identify and mitigate these attacks.

Be wary of trusting cryptocurrency with a third-party. Using cold storage is advisable—it is basically storing cryptocurrency offline in encrypted media, hard drive or USB drive, hardware wallet, paper wallet, or other such devices.

Also, employers should also implement strict BYOD policies to protect their own network and data.

And any enterprise should try to secure third party services holding critical parts of their business. Consult with security experts to install countermeasures and monitoring processes so you can prevent or mitigate advanced threats.

Trend Micro Solutions

In addition to the best practices mentioned above, enterprises can look into solutions such as Trend Micro™ Security and Trend Micro Internet Security, which offer effective protection and can detect malware at the endpoint level. In addition, enterprises can monitor all ports and network protocols to detect advanced threats and protect from targeted attacks via Trend Micro™ Deep Discovery™ Inspector.