One of the largest and most influential crypto exchanges in South Korea will be facing charges. It was announced on June 21 that the prosecutor’s office in South Seoul would be taking steps to charge Bithumb for failure to protect customers’ financial information. This came after the company suffered a series of hacks and leaks.
Bithumb has been in trouble for some time. In April, they reported a $180 million loss in 2018. That same month, the company announced that they would not be accepting deposits as they were being investigated following a hack that lost customers $13 million in cryptocurrency. The company originally announced that they would reimburse users who lost funds but took that post down just hours after releasing it.
The prosecutor’s office filed a lawsuit, claiming that Bithumb had not taken the proper precautions to protect users after the first attack. This ultimately led to a second hack where nearly $7 million was stolen from user wallets. It was believed that nearly 31,000 accounts were affected by the first hack, which not only resulted in the loss of currency from accounts but also in customer financial information. The financial information included email addresses, usernames, and phone numbers among other information.
It is believed that the first hack started with an unidentified employee of the company. This led prosecutors to file the suit, believing that the exchange did not take the adequate measures to provide security to protect this information.
According to the charges filed, it is believed that the user information was released through one single computer at Bithumb. The employee failed to run a mandatory antivirus software check on his PC and did not upgrade his operating system to the proper security updates.
Failure for the company to take action to ensure that employees properly complied with security guidelines violated the Information Communication Network Act in South Korea. This law demands that information and communication service providers ensure that all measures are taken to properly protect private information. That clearly does not appear to be the case here.
In the filing, the prosecutor’s office explained “We submitted [Bithumb’s] case to the court because of personal information with…. The economic value was leaked on a large scale, and then further damage occurred.”
For the first time, Bithumb publicly apologized for the breaches but did not take full responsibility for their actions. “We respect the opinion of the prosecution, but the 2017 hack was not related to any personal information leak or theft of customers’ cryptocurrency holdings,” they defended themselves in a statement.
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.