Bithumb Wins Lawsuit Against Investor Claiming to Have Lost $355,000 Due to Hacked Account

  • Korean exchange Bithumb wins lawsuit against investor claiming to have lost funds from his account due to Bithumb's negligence. 
  • Claimant had alleged that $355,000 worth of ether was stolen from his Bithumb account due to poor security measures. 

Cryptoasset exchange Bithumb recently won a lawsuit settlement against a digital currency investor who had sued the South Korean company for his losses of about $355,000 due to an alleged hack of his Bithumb account.

$355,000 In Cryptocurrency Allegedly Stolen From Hacked Account

According to the Korea Economic Daily, the 30-year-old investor who had filed a lawsuit against Bithumb is a civil servant named Ahn Park. The outcom of the case, which was announced on December 24th, was that the alleged loss of 400 million Korean won (appr. $355,000) from Park’s account on November 30th, 2017 was not due to any reasons for which Bithumb may be held responsible.

In court documents, Park had claimed that within a few hours of him making a large deposit on the South Korean exchange, a hacker had managed to gain access to his Bithumb account. After obtaining access to the account, the unidentified hacker had allegedly exchanged the fiat currency held in Park’s account for ether (ETH).

As described by Park in court papers, the unnamed hacker conducted four separate outgoing transactions from the victim’s Bithumb wallet to other crypto address(es). After the transactions, Park’s account balance was reportedly reduced to only 121 won (11 cents) in ether. As mentioned, Park had argued that Bithumb’s management team failed to provide adequate security measures to protect his account from malicious hackers. Park further alleged that Bithumb’s support team did not fulfill its obligations as a “financial services” firm.

10 SMS Messages Reportedly Sent To Park Regarding Outgoing Transfers

Moreover, the claimant alleged that cybercriminals might have obtained his private passwords and other personal information during a hack that occurred in October 2017. The damaging security breach had reportedly resulted in hackers gaining access to financial data that belonged to over 30,000 Bithumb customers.

According to Yonhap News, there were at least 10 SMS alerts that were sent to Park’s cellphone, in order to inform him of the outgoing transactions from his Bithumb account.

However, the claimant stated that he never received any of the SMS messages and that “it was difficult to rule out the possibility of being hacked.” Park also claimed that Bithumb’s operations as a cryptocurrency trading platform are similar to the types of services provided by firms in the traditional financial services industry. Therefore, Bithumb must follow the same security guidelines that apply to e-commerce businesses.

Judge Rules Against Park's Arguments

Notably, the judge ruled against Park’s arguments, noting that: 

In general, [digital] currencies cannot be used to buy goods and it is difficult to guarantee their exchange for cash because their value is very volatile. [Digital currencies] are mainly used for speculative means, [so it] is not reasonable to apply [South Korea’s] Electronic Financial Transactions Act to a defendant who brokers [digital] currency transactions without the permission of [Korea’s financial regulator,] the Financial Services Commission (FSA).

As CryptoGlobe reported, Bithumb was hacked in June 2018, and approximately $30 million in cryptocurrencies was reportedly stolen due to the security breach. However, Bithumb was able to resume operations again as several crypto industry participants helped the exchange recover around $17 million worth of stolen funds.

In October, Hong Kong-operated digital asset exchange Changelly announced that it managed to help Bithumb recover over 1 billion XRP that had been stolen due to the hack.

MetaMask Has Been Broadcasting Users' Ethereum Addresses to Visited Websites by Default

Popular Ethereum wallet MetaMask has been broadcasting users’ Ethereum wallets to the websites they visit, allowing third-parties to see their ETH addresses and potentially link them to their browsing activity.

According to a recently raised GitHub issue, MetaMask has a built-in “privacy mode” that could stop this from happening, but that needs to be manually activated by the user. If it isn’t enabled, it sends websites what are known as “message broadcasts.”

These have raised concerns, as “any advertisement, or tracker” can detect MetaMask users’ Ethereum addresses through them and potentially link the address to users’ browsing activity – compromising anonymity.

The user who created the GitHub issue wrote:

It sacrifices the privacy of everyone in the system because sites like Amazon, Google, PayPal, and others can link your blockchain transactions to credit card payments, thereby your identity, and the identity of the last person you transacted with – a person who wants to remain anonymous.

MetaMask is a popular browser extension that gives users access to decentralized applications (dApps) on the web. It has been installed over a million times on Google Chrome, and is available for Brave, Mozilla Firefox, and Opera.

The Next Web reportedly tested the wallet’s default settings, and managed to confirm third-party trackers may be able to detect these message broadcasts, which can be relayed to ads and trackers “such as Google+ like buttons, Facebook like buttons, Twitter retweeters, etc.”

Lead developer Dan Finlay, responding to the concerned user, revealed enabling privacy mode by default could damage dApps that rely on Ethereum address requests made without it. Finlay explained:

You’re right, we haven’t enabled this by default yet, because it would break previous dapp behavior, and we realized if we add the manual ability for users to ‘log in’ to legacy applications, we can add this privacy feature without breaking older sites.

He noted that while developers need to enable privacy mode by default, it isn’t clear when that will happen. To enable it themselves, users have to go into MetaMask’s settings to toggle the “Privacy Mode” slider.

As CryptoGlobe covered, the popular Ethereum wallet interface has announced late last year a mobile app for it. MetaMask has notably been protecting its users in other ways, as the app blocked a popular dApp called 333ETH, which is widely believed to be a Ponzi scheme.