
Top 5 cryptocurrency exchange Bithumb suffers major data breach

It’s easy to get a bit discouraged lately when it comes to securing our personal data. There are so many different methods being used by cybercriminals to get access to our data that it is tempting to just give up on the notion of keeping our information to ourselves. Cybercriminals use a variety of electronic means to break into systems, whether it is our own PCs or those maintained by the hundreds of companies with which we do business. Sometimes, it is the combination that does the trick — a breach in an individual’s PC serves as a gateway to organizational data and results in our information making its way into the wild. Such seems to be the case in an attack on the Bithumb cryptocurrency exchange.

The news comes via Hot for Security, based on information from some local reports in Seoul, Korea, where the attack occurred. Apparently, a Bithumb employee’s PC was compromised and customer information including mobile phone and email addresses was stolen. The breach occurred on June 29 and around 30,000 customers were affected.

While Bithumb asserts that no information was accessed that would provide direct access to customers’ digital currency wallets, the stolen information seems to have been used in “voice phishing” scams targeting individual customers. A number of victims have come forward claiming the loss of significant amounts of money, including one customer who succumbed to a phishing attempt and lost 10 million won (approximately $8,700) in bitcoin.

Bithumb is a significant player in the cryptocurrency market in South Korea, owning approximately 75.7 percent of the volume. It is also one of the five largest bitcoin exchanges in the world, with a trading volume of over 13,000 bitcoins’ worth of cryptocurrency, which makes up around 10 percent of the global market.

Initially, Bithumb is offering victims up to 100,000 won, or about $87. Anyone who suffered additional losses will receive more compensation when the total damages have been calculated. It is estimated that Bithumb will pay out as much as 3 billion won in total, or around $2.6 million. The South Korean government is investigating, with a number of agencies participating.

While these kinds of attacks can be discouraging and seem completely out of our control, there are still steps we can take to keep ourselves safe — or at least a little safer. In the case of the Bithumb attack, it was old-school social engineering that was used to break into customer accounts, reinforcing the need to be paranoid when deciding when to give out personal information over the phone. The bottom line remains the same: Never give up your secrets unless you are absolutely certain who you are talking to, and never give anyone your password or other credentials.

Mark Coppock
A dangerous new jailbreak for AI chatbots was just discovered

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keep ChatGPT from going full Tay.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.
