2 min read

Major cryptocurrency exchange hacked - customers' Bitcoin and Ethereum accounts plundered

Graham CLULEY

July 05, 2017

Major cryptocurrency exchange hacked - customers' Bitcoin and Ethereum accounts plundered

One of the world’s largest cryptocurrency exchanges has fallen victim to hackers, who were able to use information they stole to plunder users’ accounts.

According to local media reports, Bithumb informed the Korea Internet & Security Agency (KISA) late last week that the personal information on approximately 32,000 customers was compromised – although passwords were not taken.

As Brave New Coin describes, a hacker broke into the home PC of an employee of South Korea’s largest bitcoin rather than the exchange’s internal network.

Questions obviously should be asked as to how such sensitive information was being stored on a worker’s home computer.

Having hacked into the computer, the criminal was able to grab personal information of thousands of users, including customers’ names, mobile phone numbers, and email addresses. Some victims are then thought to have been targeted by scammers who phoned them up, posing as employees of Bithumb:

One victim claims that the attacker posed as an executive at Bithumb and phoned to say that he was “suspicious of a foreign hacking transaction,” and instructed his victim to give him an “identification number written on the letter from Bithumb.” The number in question was the victim”s One-Time Password, (OTP) which granted the attacker immediate access to ten million won, worth about US $8,700.

Of course, we’ve all seen plenty of scams like this in the past – where fraudsters ring you at home claiming to work for a bank or organisation with which you have a relationship. Typically fraudsters will lull you into a false sense of security by quoting your account number, confirming your physical address, or other information which you may imagine that only the company would know (and that hopefully they would have kept under close guard) in order to extract more details.

That’s why it’s so important to put the onus on organisations who phone you up at home to prove their identity, before you share any additional information with them. One good technique can be to ring the company’s support team back (although be careful not to trust the phone number that the person on the other end of the call is offering you!) or to log into your account to see if you have any messages waiting.

A security and privacy-conscious company will certainly respect you for being cautious about who you share your sensitive account details with. And it should go without saying that you should never share your password with anyone else, in particular not someone who has rung you up out-of-the-blue claiming to be from the company.

Bithumb has apologised for the security breach, and the site is offering a lump sum payment of 100,000 South Korean Won (equivalent to about US $87) to any customer confirmed to have had their personal information leaked on July 5th.

It is reported that some of the compromised Bithumb users are planning to file a class action lawsuit in response to the hack.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read