Bithumb Hacked Again: Over 3 Million EOS Transferred Out From Exchange’s Hot Wallet

According to early reports from security researchers, South Korean cryptocurrency exchange Bithumb has suffered a major attack that started on Friday (March 29) around 01:40 UTC. (This is the second major attack on Bithumb, with the first one occurring in June 2018, when the exchange lost $30 million in crypto.)

One of the first people to report the news of the attack on Bithumb was Dovey Wan, a founding partner at Primitive Ventures:

According to Dovey's Twitter thread and information we have gathered from other sources, here is what seems to have happened so far (all time information is in UTC):

  • The attack started on March 29 at 01:40 with the hacker creating EOS wallet “ifguz3chmamg”.
  • Between 13:16 and 15:35 on March 29, 3,132,672 EOS were transferred from wallet address “g4ydomrxhege” (which belongs to Bithumb) to wallet address “ifguz3chmamg” (which belongs to the hacker) in 16 transfers.
  • Around 15:21 on March 29, the hacker started transferring the stolen EOS to various other crypto exchanges (including Huobi, HitBTC, and Changelly). 
  • Around 16:08 on March 29, Bithumb started transferring the remaining balance at wallet address “g4ydomrxhege” to its cold wallet (“bithumbshiny”), a process that is still ongoing at the time of writing (08:42 on March 30).

Here are some more updates from Dovey regarding the stolen EOS:

And here is Binance CEO Changpeng Zhao ("CZ") providing some further information on the whereabouts of the stolen EOS:

CZ also confirmed that so far none of the stolen EOS has made its way to Binance:

Also, it seems that over 20 million XRP tokens were stolen as well:

This is the latest tweet (sent out at 04:28 UTC on March 30) from Bithumb's account:

According to the latest notice posted on Bithumb's website, the exchange thinks that this was an inside job; it has alerted the authorities and is working on recovering the stolen funds.

As the story develops, we will update this article...

Hacker Attempts to Sell Data Allegedly Stolen From Ledger, Trezor, and KeepKey

Michael LaVere
  • Online data monitoring service Under the Breach says a hacker is attempting to sell databases belonging to Ledger and Trezor.
  • The hacker allegedly used a Shopify exploit to obtain client information, while Shopify claims to have found "no evidence" of a breach in security.

Online data monitoring and prevention service Under the Breach says a hacker is attempting to sell client information belonging to cryptocurrency hardware wallet manufacturers Trezor, KeepKey, and Ledger. 

According to a tweet published May 24, Under the Breach said the alleged hacker of the Ethereum.org forum was attempting to sell databases belonging to Trezor, KeepKey and Ledger. The stolen data was reportedly obtained via an exploit involving the e-commerce platform Shopify, with the tweet implying that more leaks could have occurred and gone unnoticed.

The hacker also claimed to have the full SQL database belonging to the online crypto and fintech investment bank, BnkToTheFuture. 

In a subsequent tweet, the data monitoring service claims to have warned BnkToTheFuture about the leaked information.

The documents posted by Under the Breach reveal the hacker allegedly has information belonging to three large databases encompassing 80,000 clients.  

Ledger responded to the alleged Shopify data breach the same day, calling the hack a “rumor.” The crypto wallet manufacturer claimed to have analyzed screenshots from the leaked database and found it did not match their records.

A Shopify representative told News.Bitcoin that the company had investigated the security breach and found “no evidence” of any compromise. 
