In the wake of the hack that led to the bankruptcy of South Korean cryptocurrency exchange Youbit, which took 17% of the company’s total assets from its hot wallet, a local news outlet decided to see how safe other cryptocurrency exchanges in the country were – and found five were breachable using “basic hacking technology.”
To get to its results, South Korean news outlet MBC hired a security company to help it test the security systems of various local exchanges, including “the largest exchange in Korea” – presumably Bithumb, an exchange with a $3.7 billion trading volume.
MBC’s experiment, according to a translated version of the report, essentially saw security experts create accounts on all five exchanges, so they could then compromise these accounts. Per the report, experts managed to obtain “user IDs and passwords,” going as far as circumventing two-factor authentication.
The report reads that the exchanges were “easily hacked” but seems to point to vulnerabilities on the user’s side, not on the exchange’s side. The security experts potentially used malware such as keyloggers, or social engineering tactics, to obtain login credentials.
Kum Sun-Tae, an employee at the hired security firm, stated (roughly translated):
“If you receive something like an illegal program or surf the Web, you can be infected with a high probability, and the exchange is vulnerable in that way.”
The report goes on to add that changing passwords was useless, and that anti-virus software failed to catch the “malicious code used by the hackers.” Notably, it ended by stating experts believe the “exchange’s main server” is vulnerable.
Exchanges compromised before
Bithumb and Youbit were both hacked earlier this year in attacks that saw user funds and data stolen. In Bithumb’s case, an employee’s computer was reportedly compromised, not its servers. Moreover, some were phished: someone contacted them claiming to work for the exchange, and then scammed them out of their funds.
As for Youbit’s case, most pointed out that clues led them to believe the attacks – including the one that led to its bankruptcy – were perpetrated by North Korean actors trying to steal its funds. Per the Independent, the regime employs as many as 1,700 state-sponsored hackers, backed by more than 5,000 support staff.
As for its experiment, MBC revealed that prior to publishing the report, it contacted the South Korean government to notify it of the security issues local cryptocurrency exchanges may be exposing their users to.