According to early reports from security researchers, South Korean cryptocurrency exchange Bithumb has suffered a major attack that started on Friday (March 29) around 01:40 UTC. (This is the second major attack on Bithumb, with the first one occurring in June 2018, when the exchange lost $30 million in crypto.)
One of the first people to report the news of the attack on Bithumb was Dovey Wan, a founding partner at Primitive Ventures:
BREAKING 🚨🚨🚨
Bithumb is being hacked, at its EOS cold storage level!!! Over 3million EOS has been transferred out 👀👀👀
Detail to be reported, confirmed by security firm who’s auditing for Bithumb
— Dovey Wan 🦖 (@DoveyWan) March 30, 2019
According to Dovey’s Twitter thread and information we have gathered from other sources, here is what seems to have happened so far (all time information is in UTC):
- The attack started on March 29 at 01:40 with the hacker creating EOS wallet “ifguz3chmamg”.
- Between 13:16 and 15:35 on March 29, 3,132,672 EOS were transferred from wallet address “g4ydomrxhege” (which belongs to Bithumb) to wallet address “ifguz3chmamg” (which belongs to the hacker) in 16 transfers.
- Around 15:21 on March 29, the hacker started transferring the stolen EOS to various other crypto exchanges (including Huobi, HitBTC, and Changelly).
- Around 16:08 on March 29, Bithumb started transferring the remaining balance at wallet address “g4ydomrxhege” to its cold wallet (“bithumbshiny”), a process that is still ongoing at the time of writing (08:42 on March 30).
Here are some more updates from Dovey regarding the stolen EOS:
With more updates numbers on stolen fund distribution (number of $EOS) and the hacker’s address still holds 1.9Million $EOS
EXMO: 662,600
Huobi: 263,605
Changelly 143,511
KuCoin: 96,270
CoinSwitch: 38,725$EOS DUMP 👀👀👀— Dovey Wan 🦖 (@DoveyWan) March 30, 2019
3. EOS won’t be able to freeze this time, or it’s now too late
4. Hacker has been disposing the stolen EOS via ChangeNow, a non-custodial crypto swap platform dose not require KYC/account
5. Bithumb is the only top Korean ex operator without a commercial banking partnership pic.twitter.com/SM9Wes0BI6
— Dovey Wan 🦖 (@DoveyWan) March 30, 2019
Stolen fund flow analysis :
Majority of the Bithumb stolen EOS are sent to @Exmo_Com @HuobiGlobal @kucoincom @coinswitch @ChangeNOW_io @hitbtc Changley, and a little bit to @binance @hitbtc and BW pic.twitter.com/shT1Ei4uRC
— Dovey Wan 🦖 (@DoveyWan) March 30, 2019
And here is Binance CEO Changpeng Zhao (“CZ”) providing some further information on the whereabouts of the stolen EOS:
Received this diagram in a group: pic.twitter.com/PqcyaCDRKB
— CZ Binance (@cz_binance) March 30, 2019
CZ also confirmed that so far none of the stolen EOS has made its way to Binance:
As far as we can monitor, none of the “allegedly hacked” EOS were sent to @binance.
I think hackers don't want to deal with our big-data risk management system anymore.
Stay #SAFU. https://t.co/L2jw668f30
— CZ Binance (@cz_binance) March 30, 2019
Also, it seems that over 20 million XRP tokens were stolen as well:
From a comment below.. $XRP wallet is hacked too ..
XRP hacked wallet address – rLaHMvsPnPbiNQSjAgY8Tf8953jxQo4vnu
stolen 20,000,000 xrp (worth $6,000,00)OMFG 🤦🏻♀️🤦🏻♀️🤦🏻♀️
— Dovey Wan 🦖 (@DoveyWan) March 30, 2019
This is the latest tweet (sent out at 04:28 UTC on March 30) from Bithumb’s account:
[Notice🔔]
We deeply apologize to our members for delaying the cryptocurrency deposit and withdrawal service, we would like to inform you of the circumstances of the grounds and confirm that your assets are safe.
For more details >> https://t.co/dOvT78P0sK— Bithumb (@BithumbOfficial) March 30, 2019
According to the latest notice posted on Bithumb’s website, it seems that the exchange thinks that this was an inside job, it has allerted the authorities, and is working on recovering the stolen funds.
As the story develops, we will update this article…
