Bithumb Hacked Again: Over 3 Million EOS Transferred Out From Exchange’s Hot Wallet

According to early reports from security researchers, South Korean cryptocurrency exchange Bithumb has suffered a major attack that started on Friday (March 29) around 01:40 UTC. (This is the second major attack on Bithumb, with the first one occurring in June 2018, when the exchange lost $30 million in crypto.)

One of the first people to report the news of the attack on Bithumb was Dovey Wan, a founding partner at Primitive Ventures:

According to Dovey's Twitter thread and information we have gathered from other sources, here is what seems to have happened so far (all time information is in UTC):

  • The attack started on March 29 at 01:40 with the hacker creating EOS wallet "ifguz3chmamg”.
  • Between 13:16 and 15:35 on March 29, 3,132,672 EOS were transferred from wallet address “g4ydomrxhege” (which belongs to Bithumb) to wallet address “ifguz3chmamg” (which belongs to the hacker) in 16 transfers.
  • Around 15:21 on March 29, the hacker started transferring the stolen EOS to various other crypto exchanges (including Huobi, HitBTC, and Changelly). 
  • Around 16:08 on March 29, Bithumb started transferring the remaining balance at wallet address “g4ydomrxhege” to its cold wallet (“bithumbshiny"), a process that is still ongoing at the time of writing (08:42 on March 30).

Here are some more updates from Dovey regarding the stolen EOS:

And here is Binance CEO Changpeng Zhao ("CZ") providing some further information on the whereabouts of the stolen EOS:

CZ also confirmed that so far none of the stolen EOS has made its way to Binance:

Also, it seems that over 20 million XRP tokens were stolen as well:

This is the latest tweet (sent out at 04:28 UTC on March 30) from Bithumb's account:

According to the latest notice posted on Bithumb's website, it seems that the exchange thinks that this was an inside job, it has allerted the authorities, and is working on recovering the stolen funds. 

As the story develops, we will update this article...