Right after Bithumb confirmed via Twitter that it had been hacked, the exchange also announced on the same platform that it would compensate all affected users. That announcement was later retracted. Before it was deleted, it read as follows:
"We checked that some cryptocurrencies valued at about $30,000,000 were stolen. Those stolen cryptocurrencies will be covered by Bithumb, and all assets are being transferred to a cold wallet."
However, the exchange has since confirmed that it will compensate users for any lost funds. The new announcement was also made via Twitter.
The Bithumb team also announced that it had reported the issue to KISA (Korea Internet and Security Agency) for further investigation.
"After the incident occurred on June 20, Bithumb quickly followed the procedure to immediately report [the] incident to KISA, announcing that about 35 billion Korean Won worth of cryptocurrency was stolen. However, as we undergo the recovery process on each cryptocurrency, the overall scale of damage is getting reduced. Hence, we expect that the overall damage will be less than the amount we initially expected."
The team has also confirmed that it lost $30 Million in the hack, but its developers and security team have started the recovery process for the stolen customer assets. Together with KISA and a sub-organization of the Ministry of Science and ICT, the developers and security experts have found a method of recovering a portion of the stolen funds.
The major challenge for all crypto exchanges is protecting user funds, as Dr. Robert Statica explained to Ethereum World News. Dr. Statica was quoted as saying:
"Exchanges have to take immediate & drastic cybersecurity measures but also look at how the coins & wallets are protected in transit and at rest.
"Unless changes are being made right away, the attacks and their magnitude will intensify both in frequency and volume."
He also added that the solution was that…
"Wallets and exchanges should employ a strong 2-factor authentication (2FA) protocol on top of the end to end encryption of the communication between the user’s device and the exchange.
"Wallets and Cryptocurrencies must be protected in a way that coins belonging to a particular user and wallet cannot be stored in another user’s unauthorized wallet. This type of protection would have solved all of the hacks that happened, so far, in which coins were extracted from exchanges or directly from users’ wallets.
"Multiple layers of encryption (both in transit and at rest) combined with user and wallet authentication techniques and at the minimum 2FA enforced for all account holders are a must to reduce the attack vectors."
In conclusion, Bithumb's decision to compensate users for their losses is a welcome relief for all traders within and outside the exchange. This hack, and others before it, will be vital in offering lessons for enhancing the security of all cryptocurrency exchanges.