Information leak is unrelated to cryptocurrency theft: Bitsum
Korean bitcoin exchange Bitsum says that a hacking incident in 2017 is unrelated to a massive personal information leak that occurred the same year. Prosecutors earlier announced it will indict Bitsum and an employee in charge of information security over breaching the Information and Communications Network Act. What happened? On June 22, 2017, 31,000 pieces of personal information stored in a Bitsum employee’s personal computer were leaked. A hacker made a brute force attack, trying various login methods to enter the Bitsum website. Following the attack, the private information of around 3 percent of the 710,000 Bitsum members was exposed. The leaked information contains customers’ names, phone numbers and cryptocurrency transaction histories. Cryptocurrency was stolen as well Prosecutors believe the hacker used the leaked information to unlawfully acquire the customers’ cryptocurrency. Since the 2017 hacking incident, some Bitsum members have contended that around 7 billion won-worth of cryptocurrency has been stolen through the use of leaked personal information. The Seoul Central District Prosecutors’ Office determined after tracking the hacker’s connection route and verifying internet addresses that it is highly probably a North Korean hacker was responsible for the crime. Cryptocurrency theft came from information leak: Prosecution The cyber investigation team from the Seoul Eastern District Prosecutors’ Office indicted Bitsum and its employee in charge of managing customers’ private information without physical detention on Tuesday. It determined that Bitsum is partly responsible for the incident as the cryptocurrency exchange did not encrypt customers’ private information when storing it on a personal computer. The prosecution added it has indicted the employee on the charge of violating the Act on the Promotion of Information and Communication Network Utilization and Information Protection. Cryptocurrency theft is unrelated to private information leak: Bitsum Bitsum argues that it is probable that the hacker who leaked the customers’ information and the one who stole cryptocurrency from traders are not the same person. It contends that the amount of cryptocurrency stolen from is less than expected if the hacker was the same person in both cases. In addition, the exchange said it is impossible to trade cryptocurrency on Bitsum solely with customers’ email addresses and phone numbers. We immediately launched protective measures: Bitsum Bitsum also disputes the prosecution’s argument that the exchange did not quickly respond to the hacking incident. The exchange argues that it immediately reported the incident to the Korea Communications Commission, the Korea Internet & Security Agency and investigators on top of providing 100,000 won in compensation for customers who’s information was leaked. Jess’ note June 2017 is when there weren’t any guidelines on cryptocurrency exchanges despite the popularity of bitcoin. Bitsum must have panicked after the crime because it was operating with no specific rules in place. Although it is hard to believe that the information leak and cryptocurrency theft could have come from two different hackers, this case surely signifies the importance of modifying related laws and the Financial Action Task Force to come up with a guideline.