Major cryptocurrency exchange hacked - customers' Bitcoin and Ethereum accounts plundered

Graham CLULEY

July 05, 2017


One of the world’s largest cryptocurrency exchanges has fallen victim to hackers, who were able to use information they stole to plunder users’ accounts.

According to local media reports, Bithumb informed the Korea Internet & Security Agency (KISA) late last week that the personal information of approximately 32,000 customers was compromised – although passwords were not taken.

As Brave New Coin describes, a hacker broke into the home PC of an employee of South Korea’s largest bitcoin exchange, rather than the exchange’s internal network.

Questions obviously should be asked as to how such sensitive information was being stored on a worker’s home computer.

Having hacked into the computer, the criminal was able to grab personal information of thousands of users, including customers’ names, mobile phone numbers, and email addresses. Some victims are then thought to have been targeted by scammers who phoned them up, posing as employees of Bithumb:

One victim claims that the attacker posed as an executive at Bithumb and phoned to say that he was “suspicious of a foreign hacking transaction,” and instructed his victim to give him an “identification number written on the letter from Bithumb.” The number in question was the victim’s One-Time Password (OTP), which granted the attacker immediate access to ten million won, worth about US $8,700.

Of course, we’ve all seen plenty of scams like this in the past – where fraudsters ring you at home claiming to work for a bank or organisation with which you have a relationship. Typically fraudsters will lull you into a false sense of security by quoting your account number, confirming your physical address, or other information which you may imagine that only the company would know (and that hopefully they would have kept under close guard) in order to extract more details.

That’s why it’s so important to put the onus on organisations who phone you up at home to prove their identity, before you share any additional information with them. One good technique can be to ring the company’s support team back (although be careful not to trust the phone number that the person on the other end of the call is offering you!) or to log into your account to see if you have any messages waiting.

A security and privacy-conscious company will certainly respect you for being cautious about who you share your sensitive account details with. And it should go without saying that you should never share your password with anyone else, in particular not someone who has rung you up out of the blue claiming to be from the company.

Bithumb has apologised for the security breach, and the site is offering a lump sum payment of 100,000 South Korean Won (equivalent to about US $87) to any customer confirmed to have had their personal information leaked on July 5th.

It is reported that some of the compromised Bithumb users are planning to file a class action lawsuit in response to the hack.
