For the third time in two years, Bithumb, South Korea’s largest crypto exchange, was hacked in June 2018. SK, the country’s telecommunications giant, explained that the hack was probably caused by APT attacks.
An Advanced Persistent Threat, also known as APT, is an attack in which unauthorized hackers gain access to a network and remain undetected for a long time, with access to sensitive information and valuable data. In an interview, SK Infosec Director Lee Jae-woo said:
“The Bithumb Stock Exchange Hack is currently under investigation by the local tax authorities and the exact reason for the hack was not disclosed by the investigators. But here at SK Infosec we suspect that the stock market hack was most likely caused by an APT attack, either by intrusion into employees’ computers or the stock market’s internal system.”
Three possible scenarios
As a subsidiary of SK, SK Infosec has the task of investigating various security threats and developing solutions to combat large-scale violations. Lee suspects that the Bithumb hacking attack was caused by one of the following scenarios:
1. Hackers gained access to the internal server by targeting an employee with a spear-phishing attack and installing malware directly on the employee’s computer.
2. A direct attack on the internal server, launched as an APT attack.
3. An attack on a public server, which was compromised and then used to infiltrate the internal server.
SK Infosec researchers emphasized that the second scenario, with sophisticated APT attacks, was most likely the cause, as Bithumb has already experienced two hacks based on the first scenario.
Heavy criticism from the media
Chosun, a leading mainstream media company in South Korea, reported in June that Bithumb was aware of suspicious activity four days before the hacking attack. Despite this awareness, Bithumb was unable to prevent the attack, putting users’ capital at risk. Local authorities also warned the crypto exchanges of their poor security measures and weak internal management systems.
Since both large exchanges and smaller platforms have been unable to protect user funds and prevent security breaches, the South Korean government may require local exchanges to comply with guidelines comparable to those of banks and regulated financial institutions.
Currently, banks must spend seven percent of their total capital on cyber security and the development of systems that are used to secure user funds. With the drafting of a new crypto-regulatory framework, it is possible for the South Korean government to use part of its funds and capital to improve its security measures.