Bithumb which is one of the world’s largest cyber-currency exchanges is under investigation by country’s watchdog Internet and Security Agency after it acknowledged that one of its employee’s PCs had been hacked. Bithumb allows its members to buy and sell the virtual currencies Bitcoin and Ethereum. It is South Korea’s biggest cryptocurrency exchange, based on recent trading volumes, and one of the five largest in the world.
South Korea-based Bithumb has said that it believes personal details of more than 30,000 of its customers were stolen as a result. It appears the data was subsequently used to fool users into letting thieves steal funds from their accounts. To mitigate the disaster Bithumb has promised compensation to all the users whose accounts were compromised.
The breach is reported to have occurred in February, and is said to have involved an employee’s home PC rather than computer servers at the firm’s headquarters. Bithumb is reported to have discovered the breach only on 29 June and reported it to the authorities the next day. Although a notice posted to the company’s site said the leaked data did not contain passwords, dozens of customers have reported receiving follow-up scam calls and texts in June that persuaded them to share their accounts’ authentication codes.
Bithumb has promised initially to cover losses of up to 100,000 won ($86; £67) per customer, and to add to this once it has been able to verify individual losses. But it is unclear whether victims will be compensated in full. An unverified local report said one member claimed to have lost 1.2bn won ($1.04m; £806,000). According to reports some Bithumb users were victims of “voice phishing,” where someone phoned them up saying they worked for Bithumb and scammed them out of funds.