South Korean cryptocurrency exchange Bithumb admitted to getting hacked again on Friday, March 29. This is the third such incident the platform has reported in the past three years.
This third hack was acknowledged in a short Korean and English message posted on the company’s blog.
A Bithumb official said that around 10:15 pm, local time, the company detected abnormal withdrawals from its hot wallets –accounts used to support real-time transactions.
Hackers stole nearly $20 million
The company did not disclose how much currency it lost; however, cryptocurrency industry insiders were able to track down the large transactions leaving the exchange’s wallet addresses around the time of the hack.
Based on currently available information, the attackers appear to have made off with around three million EOS, worth $13.4 million at the time of the hack, and another 20 million Ripple coins (XRP), worth another $6 million.
Bithumb told users that all the stolen funds were taken from a company-owned wallet and that all user funds are safe. Transactions were suspended for a short period, but the exchange is now up and running again.
North Korean hackers again?
This is also the third hack the company disclosed in the past two years. The first hack happened in July 2017, when hackers stole $7 million in Bitcoin and Ethereum, while the second incident took place in June 2018, when hackers stole $31 million worth of Ripple (XRP).
According to a report released by cyber-security firm Group-IB last October, the second hack was attributed to the Lazarus Group, a codename given to North Korea’s cyber-espionage unit –known for its focus on hacking and stealing funds from real-world banks and cryptocurrency platforms, as a side activity to carrying out cyber-espionage intelligence gathering operations for the Pyongyang regime.
According to a Kaspersky report released this week, Lazarus Group is still carrying out operations targeted at cryptocurrency platforms. Coincidentally or not, this is also the third cryptocurrency exchange to go public with a hack in the past seven days, after DragonEx and CoinBene.