South Korean Crypto Exchange Bithumb Hacked, KRW 35 Billion ($31.5 Million) Stolen, Withdrawals and Deposits Suspended

Bithumb, the world's sixth largest crypto exchange (by trading volume), has been hacked, with 35 billion South Korean Won (around $31.5 million) stolen.

The South Korean exchange announced on its blog around 09:47 (Korean time) Wednesday, 20 June 2018, that it had been hacked sometime between late Tuesday night and early Wednesday morning, and that as a result of this attack, 35 billion South Korean Won, or approximately $31.5 million, was stolen.

It also told its users that all of their crypto assets were being moved to cold (offline) storage for extra security, and that until further notice, all crypto withdrawals and deposits were suspended.

The first indication that something had gone wrong came approximately an hour earlier than the above announcement, when Bithumb posted the following tweet:

It then followed this with two other tweets:

Note that none of these three tweets mentions that Bithumb was hacked. Apparently, there was another tweet that did mention that $30 million had been stolen, but that tweet appears to have been deleted.

This attack on Bithumb comes roughly 10 days after we reported that a smaller South Korean crypto exchange, Coinrail, was hacked.

We will keep you updated as the story develops.

Ransomware Tricks Lonely Singles, Demands Dash and Bitcoin

A new ransomware strain called GandCrab has recently started infecting people by pretending to be a love letter sent via email. After infecting victims, it instructs them to pay with either bitcoin or dash.

According to a report published by the Mimecast Threat Labs Team, the GandCrab ransomware strain encrypts victims’ files after sending them messages that try to trick them into believing they’ll be reading a love letter, or some other love declaration.

Victims are approached by an email with a subject along the lines of “Wrote my thoughts down about you,” or “Felt in love with you.” Inside the email there’s merely an asterisk and an attached file titled “Love_You_2018_” followed by random numbers.
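The lure traits described above (subject phrases, a body consisting of a single asterisk, and the attachment name prefix followed by digits) can be checked at a mail gateway. The following is an added example, not code from Mimecast or this article; the function names, the matching logic, and the sample messages (including the `.bin` extension and addresses) are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Indicators quoted in the article; how they are matched is an assumption.
SUBJECT_PHRASES = ("wrote my thoughts down about you", "felt in love with you")
ATTACHMENT_RE = re.compile(r"^Love_You_2018_\d+", re.IGNORECASE)

def lure_signals(raw: str) -> list[str]:
    """Return which of the three described lure traits a raw message shows."""
    msg = message_from_string(raw)
    signals = []
    subject = (msg.get("Subject") or "").lower()
    if any(phrase in subject for phrase in SUBJECT_PHRASES):
        signals.append("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # Attachment: compare the file name with the described prefix.
            if ATTACHMENT_RE.match(name):
                signals.append("attachment")
        elif part.get_content_type() == "text/plain":
            # Body text: the article says it holds only an asterisk.
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if body.strip() == "*":
                signals.append("body")
    return signals

def build_sample(subject: str, body: str, filename: str) -> str:
    """Build a constructed test message; no real sample is embedded."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    lure = build_sample("Wrote my thoughts down about you", "*",
                        "Love_You_2018_48213.bin")
    benign = build_sample("Quarterly report", "See attached.", "report_2018.pdf")
    print(lure_signals(lure), lure_signals(benign))
```

A message matching two or more signals is a reasonable candidate for quarantine and review; a single subject match alone will produce false positives.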

Those who end up opening the attachment are then asked whether they’d like to see it in English, Korean, or Chinese, which indicates that speakers of these languages are the ransomware’s targets. If they go on, their files are encrypted and a cryptocurrency ransom is demanded.

After being asked for a ransom in either BTC or Dash, the victims are then told that if they don’t pay within seven days, the ransom is going to double. The attack appears to be somewhat advanced, as it even features a live chat window to help those who don’t know how to use cryptocurrencies.

Notably, the ransomware appears to deliberately avoid targeting Russian users, and it stops the attack if it detects the victim has a Russian-configured keyboard. Per Mimecast, this “signals these campaigns are specifically designed to not target Russian users.”

GandCrab is notably classified as Ransomware-as-a-Service (RaaS), meaning hackers and bad actors purchase the service from vendors – presumably on the dark net – to then target victims with it.

The ransomware is notably taking advantage of the holidays to try and trick users through false promotions, gifts, and campaigns. Mimecast also found fake customer surveys, malicious data apps, and non-malicious compromised dating apps spreading GandCrab.

As CryptoGlobe covered, researchers have recently warned that “Anatova,” a ransomware strain demanding Dash from its victims, could “become very dangerous.” Ransomware strains that demand Dash instead of BTC or XMR have been growing in popularity. GandCrab was, however, the first one to do so.