Tara Seals US/North America News Reporter , Infosecurity Tv-programma
Individual details on 30,000 people have bot stolen from South Korea-based crypto-currency exchange Bithumb, leading to the theft of funds from their Bitcoin and Ethereum accounts.
The company, one of the largest exchanges for posible currencies ter the world, said the gegevens theft happened after an employee’s PC wasgoed hacked. From there, the hackers used the information to text and call users to con them out of their authentication codes, which were then used to steal funds from the accounts.
According to reports, the Korea Internet and Security Agency has launched an investigation into the incident, which happened ter February. Bithumb said it would compensate victims, tho’ the company didn&rsquo,t say exactly how much it would reimburse. The losses have totaled more than $1 million.
According to Ben Herzberg, research group manager at Imperva, attackers can make slew of money when attacking crypto-exchanges due to a diversity of factors: The anonymity of the cryptocurrencies, hence the capability to &ldquo,get rid&rdquo, of the stolen goods with limited risk, and also by speculating on market prices (especially ter specific exchanges or markets) and causing dramatic switches.
",The last few weeks have bot dramatic for cryptocurrency and its traders, when the market volatility talent chance to both fair investors and criminals alike,&rdquo, said Herzberg. &ldquo,This is due to the surges ter request for Bitcoin (bringing it to overheen $Two,700, which has now stabilized overheen the last twee of days at around $Two,500) and other cryptocurrencies like Ethereum which spiked from almost zero to $400 ter a very geschreven while, now at around $270.&rdquo,
The PC that wasgoed hacked wasgoed located ter the employee&rsquo,s stulp.
&ldquo,The fact that access emerges to have bot initiated by primarily compromising an employee&rsquo,s individual PC is a very worrying development&mdash,highlighting yam-sized failings on so many levels, from an employee education and training standpoint, all the way to administrative and technical controls, to monitoring and enforcement,&rdquo, said David Kennerley, director of threat research at Webroot, via email.
&ldquo,Such cases emphasize the need for businesses to have clearly defined security policies and procedures round the use of private devices for work purposes and the re-use of passwords&mdash,employees should not be using their work passwords for private use,&rdquo, said Kennerley. &ldquo,While businesses should consider investing ter technical security layers, from threat intelligence solutions, to two hacedor authentication&mdash,which would surely have helped te this case. Understanding why this hack is only coming to light now will be one of the very very first questions customers will wish to have answered very quickly&mdash,spil this breach is reported to have occurred ter February of this year.&rdquo,