In an explanation linked to the tweet, the exchange writes that at 10:15 (time zone unknown) on the 29th, they detected what they describe as abnormal withdrawals through their monitoring system.
The exchange notes that they have “secured all the cryptocurrency from the detection time with a cold wallet and checked them by blocking deposit and withdrawal service.”
According to the translated note, the incident was an “accident involving insiders.” In its updated blog post, Bithumb points out that it was the exchange’s fault that it only focused on protection from outside attacks and did not verify its staff. The announcement promises that the incident won’t repeat itself since the company is developing its workforce verification system.
The exchange’s EOS hot wallet started sending EOS to the attacker’s address yesterday until the company realized the attack was ongoing and started to move the funds to the cold storage wallet, which seemingly has not been compromised.
More than 3 million EOS (about $12.5 million) have been transferred from the hot wallet. The company since pointed out that all the funds which have been stolen were those of the exchange, and that the users’ funds are in the cold wallet. According to cryptocurrency news outlet The Block Crypto, around 20 million Ripple (XRP) (equivalent to about $6.2 million) have also been stolen.
This is the second hack that the exchange encountered in under a year. In the investigation after the last hack, the exchange recovered $14 million of the stolen funds and the exchange stated that it expects to recover the losses this time as well. Bithumb claims to be currently conducting intensive investigations with the cyber police agency, the Korean internet & Security Agency (KISA) and cybersecurity companies.
The exchange also notes out that it expects to recover the loss. Lastly, the company notes:
“We will do our best to resume deposit and withdrawal as soon as possible to secure the service’s stability.”
An analysis of the flow of the stolen funds by a Twitter user shows that a portion of the funds is already being distributed to exchanges, while another portion has been moved to other addresses. The exchange that received the most funds (662,000 EOS) is EXMO, followed by Houbi (263,000 EOS), Changelly (192,000 EOS), ChangeNOW (140,000 EOS), KuCoin (96,000 EOS) and others.
Changelly has published a post today, claiming that the instant exchange has been able to identify and freeze 243,000 XRP ($76,000) and 114,000 EOS ($479,000) believed to proceed from the Bithumb hack. The XRP has been sent to Changelly in eight different transactions, while the EOS was sent in 52, and the associated wallet addresses have been blacklisted.
Cointelegraph will update this story as it continues.
As Cointelegraph also recently reported, data scientists at blockchain infrastructure firm Elementus have published details of recent transactions from crypto exchange CoinBene that they consider being suspect, beginning with $105 million in crypto swiftly being moved out of the exchange’s hot wallet.
With additional reporting from Adrian Zmudzinski.