Bitcoin Exchange Bithumb got hacked
Bithumb, the largest South Korean Bitcoin exchange, was the victim of a DDoS attack.
Around ten million won (about 7,655) was stolen from customers’ accounts.
At the moment, Bithumb admits that “confidential information of customers has leaked – phone numbers and email addresses” but says their funds are safe.
Bithumb believes private details of more than 30,000 of its customers were stolen as a result.
“It emerges the data was subsequently used to fool users into letting thieves steal funds from their accounts. Bithumb has promised compensation.”
According to one of their employees, “only employees’ computers were hacked, but not servers.”
In a post, Bithumb announced compensation of 100,000 won (about 76.58) for each aggrieved customer.
Despite what Bithumb claims, some customers think their passwords have also been stolen.
It remains for Bithumb to explain how the attack was made possible and to prove that the passwords of the customers were not stolen.
It is likely that the hackers used that information to access the accounts directly, by resetting the users’ passwords, which would make sense given that a source within Bithumb claims that the exchange’s servers weren’t hacked. However, the fact that employee computers were hacked is still a major source of concern.
“This latest attack is troublesome on a multiplicity of levels. Firstly, this proceeds to demonstrate the weakness associated with poor password hygiene, especially when they are the only factor of authentication.
“If Bithumb had implemented adaptive authentication using layers such as device recognition and/or geolocation as part of the authentication process for its employees, this issue could have been avoided entirely as a 2nd factor of authentication would have been introduced,” said Robert Block, senior VP of Identity Strategy at SecureAuth and a man who presumably ought to know.
“Additionally, if identity-based threat services were in place, Bithumb would have been able to identify this issue in February when it first occurred and notify other areas in cyber security. Instead, this breach went undiscovered until June, providing the attackers months for lateral movement and additional credential exposure.”