Bithumb Korea Indicted for Leakage of Private Data and Failure to Prevent Hacking
South Korea’s crypto exchange giant, Bithumb and its top officials have been prosecuted on charges of failure to prevent hacking attacks and leakage of private data.
Prosecutors are accusing the crypto exchange platform of leaking sensitive financial data on around 31,000 of its customers. The prosecutors allege that the exchange failed to employ the necessary measures to safeguard private information that was presumably used by fraudsters to steal millions from the platform, Cointelegraph reports.
According to the prosecutors are accusing the company of data leakage leading to a loss of a combined 7 billion won ($5.9 million) worth of digital currency in the second hack.
The prosecutor alleges that data on the 31,000 customers affected was stored on a single Bithumb employee’s PC – and that the employee in question was not running antivirus software on their device, nor had they installed basic security updates.
The charges are in contravention of an article contained in the country’s Information Communication Network Act. Under the Act a provider of information and communications services is obliged to come up with measures to protect personal information.
The leaked data allegedly comprises of user names, cell numbers, email addresses as well as crypto transaction histories. However, customer IDs as well as passwords and other login details were however not compromised.
The prosecution appears keen to draw a link between the data leak and the hack. The prosecutor’s office stated:
“We submitted [Bithumb’s] case to the court because personal information with […] economic value was leaked on a large scale, and further damage then occurred.”
On 19 April, Bithumb offered a formal apology saying that it will do its best to safeguard customers. It also refuted the prosecutor’s claims linking the data leakages and the subsequent hack. A spokesperson from the company said:
“We respect the opinion of the prosecution, but [the 2017 hack] was not related to any personal information leak or theft of customers’ cryptocurrency holdings.”
A Series of Hacks
By the end of spring this year, Bithumb was hacked for the third time and about $13 million worth of cryptos was stolen. The management alleged that the heist was an inside job and investigations are still ongoing.
A similar attack also occurred in the summer of 2018 where approximately $31 million worth of cryptos was estimated to have been lost but the figure was adjusted to $17 million.
Following the spring attack, Bithumb hired an independent auditor who conducted an audit on the company’s funds and reported that the lost cryptos were the firm’s funds and that the remaining cryptos had been relocated to a cold wallet following the heist.
So far, seven major crypto exchanges have suffered large scale attacks including the giant crypto exchange Binance.
Bithumb was not the only company to be prosecuted as charges were also preferred to two other tech based companies, travel agency Hana Tour and With Innovation, the operator of hotel booking app Yeogi Eottae.
What’s your take on Bithumb’s prosecution? Let us know in the comments section.