[2017-04-28] South Korean Bitcoin Exchange Suffers $5 Million Hack

Antoshka

sr. member

Activity: 270

Merit: 250

Quote from: jonnybravo0411 on May 03, 2017, 11:19:34 AM

Quote from: richardsNY on May 01, 2017, 02:15:50 PM

Quote from: Samadur on May 01, 2017, 12:57:23 PM

Any secret information that helps to achieve the goal falls into the hands of hackers only from employees.

It could very well be an inside job. In some cases 'hacked' exchanges (Bitfinex is one of them) show shady behavior prior and after the 'hack'. In this case I can't judge on how it was behaving prior to the hack as I honestly didn't know this exchange before articles about a hack started to pop up. Either way, the customers are always the victim. It will take years before they get a full refund (assuming this exchange doesn't break their promise). Sad reality.

I find it very difficult to believe that Bitcoin can be connected with North Korea. This is not a country where people can make a choice in this or that direction of employment. And for illegal use or financial circulation with illegal currency turnover in general can sentence to the death penalty. The North Korean government will not joke.

I agree that North Korea has very strict laws. I do not think that bitcoin can be distributed there. There, the economy and the government are too conservative.
Maybe this news arose for the people to have a negative opinion about bitcoin

jonnybravo0411

sr. member

Activity: 426

Merit: 250

Quote from: richardsNY on May 01, 2017, 02:15:50 PM

Quote from: Samadur on May 01, 2017, 12:57:23 PM

Any secret information that helps to achieve the goal falls into the hands of hackers only from employees.

It could very well be an inside job. In some cases 'hacked' exchanges (Bitfinex is one of them) show shady behavior prior and after the 'hack'. In this case I can't judge on how it was behaving prior to the hack as I honestly didn't know this exchange before articles about a hack started to pop up. Either way, the customers are always the victim. It will take years before they get a full refund (assuming this exchange doesn't break their promise). Sad reality.

I find it very difficult to believe that Bitcoin can be connected with North Korea. This is not a country where people can make a choice in this or that direction of employment. And for illegal use or financial circulation with illegal currency turnover in general can sentence to the death penalty. The North Korean government will not joke.

richardsNY

legendary

Activity: 1232

Merit: 1091

Quote from: Samadur on May 01, 2017, 12:57:23 PM

Any secret information that helps to achieve the goal falls into the hands of hackers only from employees.

It could very well be an inside job. In some cases 'hacked' exchanges (Bitfinex is one of them) show shady behavior prior and after the 'hack'. In this case I can't judge on how it was behaving prior to the hack as I honestly didn't know this exchange before articles about a hack started to pop up. Either way, the customers are always the victim. It will take years before they get a full refund (assuming this exchange doesn't break their promise). Sad reality.

Samadur

sr. member

Activity: 287

Merit: 250

Quote from: richardsNY on April 30, 2017, 05:01:08 PM

Quote from: pixie85 on April 30, 2017, 01:21:39 PM

That would be a smart thing to do. I'm quite sue all payments are handled manually, so someone must have confirmed it on all those wallets.
There should be a rule that all big payments are verified before being sent. It's either an inside job or they were naive and careless.

I don't think everything is being handled manually. If it would, this situation likely wouldn't end up as bad as it did right now. Exchanges processing everything manually would surely help, but people would be complaining constantly as their withdrawals don't come through within a few minutes. I can't find any information on how the hackers managed to move these coins to their own wallets, or how they managed to abuse whatever weak spot in the system. Hacking is a very wide term that in this case may stand for hundreds of ways of how this theft could have happened.

All hacker hacking of financial companies and institutions is not just a matter of course, but with the help of their administration, I am convinced of this. Any secret information that helps to achieve the goal falls into the hands of hackers only from employees.

richardsNY

legendary

Activity: 1232

Merit: 1091

Quote from: pixie85 on April 30, 2017, 01:21:39 PM

That would be a smart thing to do. I'm quite sue all payments are handled manually, so someone must have confirmed it on all those wallets.
There should be a rule that all big payments are verified before being sent. It's either an inside job or they were naive and careless.

I don't think everything is being handled manually. If it would, this situation likely wouldn't end up as bad as it did right now. Exchanges processing everything manually would surely help, but people would be complaining constantly as their withdrawals don't come through within a few minutes. I can't find any information on how the hackers managed to move these coins to their own wallets, or how they managed to abuse whatever weak spot in the system. Hacking is a very wide term that in this case may stand for hundreds of ways of how this theft could have happened.

pixie85

hero member

Activity: 2184

Merit: 531

Quote from: richardsNY on April 29, 2017, 03:31:00 PM

Quote from: pixie85 on April 29, 2017, 02:47:18 PM

I wonder how they're doing it. If the wallets are password protected they have to somehow inject troyans with keyloggers. Otherwise they'd only be able to obtain wallet files but would need time to crack them. Maybe the wallets had no passwords? That wouldn't surprise me...

I think it's more like they managed to manipulate the system in such a way, that they are able to request many weigthy withdrawals to their preferred addresses. Even if that isn't the case, the exchange in question could take immediate action by double spending their coins with an insane fee, so that the chances are high that the outgoing transactions from the hackers will drop. As long as there aren't any confirmations, the hackers don't actually own the coins.

That would be a smart thing to do. I'm quite sue all payments are handled manually, so someone must have confirmed it on all those wallets.
There should be a rule that all big payments are verified before being sent. It's either an inside job or they were naive and careless.

1Referee

legendary

Activity: 2170

Merit: 1427

Quote from: darkangel11 on April 29, 2017, 08:12:10 AM

Stupid? That's for sure.

It all depends on how they set things up. It's also not clear how the 'hackers' managed to gain access to the hot wallets. It's an article that says hackers managed to attack the four hot wallets - which literally provides no useful information. Assuming this was indeed a hack, and not an inside job, the way they have set everything up didn't contribute a single bit to their overall security. It's not only amateurish, but it also shows their incompetence. This is exactly why I always withdraw all my coins after every trading session.

veleten

legendary

Activity: 2016

Merit: 1107

Quote from: avs001 on April 29, 2017, 03:22:00 PM

i don't get it

why the hell in the heaven, customers need to 'pays' exchange fault? Huh

whyyyyyyyyyyyyyyy

for the sole reason that the funds stolen were mostly users deposits
customers do not "need" to pay exchange fault,they will want to recover their money
there is no other way for a business to compensate other than issue IOUs and slowly (but surely?)
repay the ones who lost their coins,although this is going to be one hell of a task,their profit was 1.8 mil $ before the hack
and after the hack the traders confidence will be low and many would flee the exchange,so expect 3-4 years if not more

BitcoinPanther

hero member

Activity: 1918

Merit: 564

Quote from: Coin-Keeper on April 28, 2017, 01:35:13 PM

How many online exchange wallet threads will it take before people wise up and start taking responsibility for keeping their own coins? I couldn't sleep at night if I had 25 BTC (example) sitting in ANY online exchange. You wake up and read about the ooooooops the coins are gone in the local papers. No thanks. It makes me nervous when my coins are passing through LBC for like 10 minutes while dealing with a client. Nothing personal against LBC but online is online!

Aren't they trading? They can do nothing about it. Now if you have an idea how to trade continuously while holding your coins in your own wallet then better spill it here. I agree, idle coins should be kept within our local/offline wallets, but active coins (used for trading) are needed to be on exchange or platform.

Seems Yapizon is looking at Bitfinex recovering/payment model when they issue their token. It is quite sad to read this kind of news.

Quote from: avs001 on April 29, 2017, 03:22:00 PM

i don't get it
why the hell in the heaven, customers need to 'pays' exchange fault? Huh

whyyyyyyyyyyyyyyy

It seems they need to borrow money from the users, since they have the authority, they made it compulsory. And in exchange the users will be given token that will make them earn profit from the sites earning.

richardsNY

legendary

Activity: 1232

Merit: 1091

Quote from: pixie85 on April 29, 2017, 02:47:18 PM

I wonder how they're doing it. If the wallets are password protected they have to somehow inject troyans with keyloggers. Otherwise they'd only be able to obtain wallet files but would need time to crack them. Maybe the wallets had no passwords? That wouldn't surprise me...

I think it's more like they managed to manipulate the system in such a way, that they are able to request many weigthy withdrawals to their preferred addresses. Even if that isn't the case, the exchange in question could take immediate action by double spending their coins with an insane fee, so that the chances are high that the outgoing transactions from the hackers will drop. As long as there aren't any confirmations, the hackers don't actually own the coins.

avs001

newbie

Activity: 58

Merit: 0

i don't get it

why the hell in the heaven, customers need to 'pays' exchange fault? Huh

whyyyyyyyyyyyyyyy

pixie85

hero member

Activity: 2184

Merit: 531

I wonder how they're doing it. If the wallets are password protected they have to somehow inject troyans with keyloggers. Otherwise they'd only be able to obtain wallet files but would need time to crack them. Maybe the wallets had no passwords? That wouldn't surprise me...

Iranus

hero member

Activity: 1792

Merit: 534

Leading Crypto Sports Betting & Casino Platform

Quote from: Kprawn on April 29, 2017, 10:06:20 AM

It is as if these hacks are carefully orchestrated with every rapid price increase. The price goes up aggressively and a hack goes down on one of

the exchanges. I am not usually a conspiracy theorist but the coincidence and timing of these hacks are pretty predictable with every price

increase these days. The damage after the MtGox hack is still being felt after all these years.... just image where we would have been, if that

did not happen. Roll Eyes

It's really weird. If I were them and I was into stealing thousands of Bitcoin from exchanges, I'd be working on it all the time. It can't be easy for them to dump so much money on exchanges straight away after they hack one of them, so during a big pump surely wouldn't be the best time (not that this is a huge pump, but 2013 was).

Kprawn

legendary

Activity: 1904

Merit: 1074

It is as if these hacks are carefully orchestrated with every rapid price increase. The price goes up aggressively and a hack goes down on one of

the exchanges. I am not usually a conspiracy theorist but the coincidence and timing of these hacks are pretty predictable with every price

increase these days. The damage after the MtGox hack is still being felt after all these years.... just image where we would have been, if that

did not happen. Roll Eyes

darkangel11

legendary

Activity: 2478

Merit: 1360

Don't let others control your BTC -> self custody

Quote from: 1Referee on April 29, 2017, 06:38:55 AM

Quote from: Bit_Happy on April 28, 2017, 03:06:18 PM

Quote from: Iranus on April 28, 2017, 02:41:15 PM

It's pretty surprising that it's so damn easy to hack all these exchanges.

Why do they always hold so much money in hot wallets? It's stupid! ....

also, this one mentions FOUR hot wallets.... LOL?

It's not that uncommon for exchanges to use several hot wallets. It largely depends on the frequency of people cashing out their coins. If people aren't cashing out their coins frequently, it means that less coins need to sit in their hot wallet. But if the opposite is the case, where people constantly withdraw large numbers of coins, they need to stack their hot wallets in order to process everything without any delays - for people's convenience. Main reason for exchanges to operate several hot wallets is to avoid putting everything into one basket. It has all to do with security, which in this case didn't stand a chance as the hacker gained access to all four wallets.

Not uncommon? Maybe.
Stupid? That's for sure.

Why would they need 4 hot wallets if they could have just 1 with a single person responsible for it?
1 Employee sitting in front of a clean machine with only security programs and network monitoring that would immediately show someone connecting from the outside and a single wallet that only you know the pass to.
All trading is done in the API without the access to actual coins.
Hot wallet with a limit of, say 500BTC. Once that is reached and there are no big withdrawals pending, you send half of it to your cold wallet.
This makes your hot wallet handle small payment only and you got only 1 person that manages it. Really handling a couple hundred payments a day is nothing for a full time employee, especially in Asia.
Big numbers are handled by the cold wallet machine that goes online only once a day at random hours for a short while to process the transactions. This is handled by the owners of the exchange with only 2 people having access.
Banks have big vaults guarding the money and bitcoin businesses are so careless.

veleten

legendary

Activity: 2016

Merit: 1107

so many exchanges getting hacked lately that it is scary to trade
although this 5 mil $ is not very significant for an exchange,it is more important that the exchanges are being targeted and
there is no doubt there will be more hacks going on,especially with the price over 1300$
and of course HOT WALLETS, FOUR hot wallets!!! are you being serious?
it is not a major exchange,there is no excuse to keep so many coins,it is not like their daily volume was anywhere near the stolen sum
>3800 bitcoins stored in hot wallets,basically you were asking to get hacked

1Referee

legendary

Activity: 2170

Merit: 1427

Quote from: Bit_Happy on April 28, 2017, 03:06:18 PM

Quote from: Iranus on April 28, 2017, 02:41:15 PM

It's pretty surprising that it's so damn easy to hack all these exchanges.

Why do they always hold so much money in hot wallets? It's stupid! ....

also, this one mentions FOUR hot wallets.... LOL?

It's not that uncommon for exchanges to use several hot wallets. It largely depends on the frequency of people cashing out their coins. If people aren't cashing out their coins frequently, it means that less coins need to sit in their hot wallet. But if the opposite is the case, where people constantly withdraw large numbers of coins, they need to stack their hot wallets in order to process everything without any delays - for people's convenience. Main reason for exchanges to operate several hot wallets is to avoid putting everything into one basket. It has all to do with security, which in this case didn't stand a chance as the hacker gained access to all four wallets.

Bit_Happy

legendary

Activity: 2114

Merit: 1040

A Great Time to Start Something!

Quote from: Iranus on April 28, 2017, 02:41:15 PM

It's pretty surprising that it's so damn easy to hack all these exchanges.

Why do they always hold so much money in hot wallets? It's stupid! ....

also, this one mentions FOUR hot wallets.... LOL?

Iranus

hero member

Activity: 1792

Merit: 534

Leading Crypto Sports Betting & Casino Platform

It's pretty surprising that it's so damn easy to hack all these exchanges.

Why do they always hold so much money in hot wallets? It's stupid! They only need to hold as much money in hot wallets as they need for the day's transactions. Multisig transactions are clearly still insecure if they've been hacked so many times.

This isn't even the worst instance of hacking and it's only bad because it's on a smaller exchange.

Coin-Keeper

hero member

Activity: 761

Merit: 606

How many online exchange wallet threads will it take before people wise up and start taking responsibility for keeping their own coins? I couldn't sleep at night if I had 25 BTC (example) sitting in ANY online exchange. You wake up and read about the ooooooops the coins are gone in the local papers. No thanks. It makes me nervous when my coins are passing through LBC for like 10 minutes while dealing with a client. Nothing personal against LBC but online is online!

Topic: [2017-04-28] South Korean Bitcoin Exchange Suffers $5 Million Hack (Read 12520 times)