Author

Topic: [2017-04-28] South Korean Bitcoin Exchange Suffers $5 Million Hack (Read 12520 times)

sr. member
Activity: 270
Merit: 250
Any secret information that helps to achieve the goal falls into the hands of hackers only from employees.

It could very well be an inside job. In some cases 'hacked' exchanges (Bitfinex is one of them) show shady behavior prior and after the 'hack'. In this case I can't judge on how it was behaving prior to the hack as I honestly didn't know this exchange before articles about a hack started to pop up. Either way, the customers are always the victim. It will take years before they get a full refund (assuming this exchange doesn't break their promise). Sad reality.
I find it very difficult to believe that Bitcoin can be connected with North Korea. This is not a country where people can make a choice in this or that direction of employment. And for illegal use or financial circulation with illegal currency turnover in general can sentence to the death penalty. The North Korean government will not joke.

I agree that North Korea has very strict laws. I do not think that bitcoin can be distributed there. There, the economy and the government are too conservative.
Maybe this news arose for the people to have a negative opinion about bitcoin
sr. member
Activity: 426
Merit: 250
Any secret information that helps to achieve the goal falls into the hands of hackers only from employees.

It could very well be an inside job. In some cases 'hacked' exchanges (Bitfinex is one of them) show shady behavior prior and after the 'hack'. In this case I can't judge on how it was behaving prior to the hack as I honestly didn't know this exchange before articles about a hack started to pop up. Either way, the customers are always the victim. It will take years before they get a full refund (assuming this exchange doesn't break their promise). Sad reality.
I find it very difficult to believe that Bitcoin can be connected with North Korea. This is not a country where people can make a choice in this or that direction of employment. And for illegal use or financial circulation with illegal currency turnover in general can sentence to the death penalty. The North Korean government will not joke.
legendary
Activity: 1232
Merit: 1091
Any secret information that helps to achieve the goal falls into the hands of hackers only from employees.

It could very well be an inside job. In some cases 'hacked' exchanges (Bitfinex is one of them) show shady behavior prior and after the 'hack'. In this case I can't judge on how it was behaving prior to the hack as I honestly didn't know this exchange before articles about a hack started to pop up. Either way, the customers are always the victim. It will take years before they get a full refund (assuming this exchange doesn't break their promise). Sad reality.
sr. member
Activity: 287
Merit: 250
That would be a smart thing to do. I'm quite sue all payments are handled manually, so someone must have confirmed it on all those wallets.
There should be a rule that all big payments are verified before being sent. It's either an inside job or they were naive and careless.

I don't think everything is being handled manually. If it would, this situation likely wouldn't end up as bad as it did right now. Exchanges processing everything manually would surely help, but people would be complaining constantly as their withdrawals don't come through within a few minutes. I can't find any information on how the hackers managed to move these coins to their own wallets, or how they managed to abuse whatever weak spot in the system. Hacking is a very wide term that in this case may stand for hundreds of ways of how this theft could have happened.
All hacker hacking of financial companies and institutions is not just a matter of course, but with the help of their administration, I am convinced of this. Any secret information that helps to achieve the goal falls into the hands of hackers only from employees.
legendary
Activity: 1232
Merit: 1091
That would be a smart thing to do. I'm quite sue all payments are handled manually, so someone must have confirmed it on all those wallets.
There should be a rule that all big payments are verified before being sent. It's either an inside job or they were naive and careless.

I don't think everything is being handled manually. If it would, this situation likely wouldn't end up as bad as it did right now. Exchanges processing everything manually would surely help, but people would be complaining constantly as their withdrawals don't come through within a few minutes. I can't find any information on how the hackers managed to move these coins to their own wallets, or how they managed to abuse whatever weak spot in the system. Hacking is a very wide term that in this case may stand for hundreds of ways of how this theft could have happened.
hero member
Activity: 2184
Merit: 531
I wonder how they're doing it. If the wallets are password protected they have to somehow inject troyans with keyloggers. Otherwise they'd only be able to obtain wallet files but would need time to crack them. Maybe the wallets had no passwords? That wouldn't surprise me...

I think it's more like they managed to manipulate the system in such a way, that they are able to request many weigthy withdrawals to their preferred addresses. Even if that isn't the case, the exchange in question could take immediate action by double spending their coins with an insane fee, so that the chances are high that the outgoing transactions from the hackers will drop. As long as there aren't any confirmations, the hackers don't actually own the coins.
That would be a smart thing to do. I'm quite sue all payments are handled manually, so someone must have confirmed it on all those wallets.
There should be a rule that all big payments are verified before being sent. It's either an inside job or they were naive and careless.
legendary
Activity: 2170
Merit: 1427
Stupid? That's for sure.

It all depends on how they set things up. It's also not clear how the 'hackers' managed to gain access to the hot wallets. It's an article that says hackers managed to attack the four hot wallets - which literally provides no useful information. Assuming this was indeed a hack, and not an inside job, the way they have set everything up didn't contribute a single bit to their overall security. It's not only amateurish, but it also shows their incompetence. This is exactly why I always withdraw all my coins after every trading session.
legendary
Activity: 2016
Merit: 1107
i don't get it

why the hell in the heaven, customers need to 'pays' exchange fault?  Huh Huh Huh

whyyyyyyyyyyyyyyy

for the sole reason that the funds stolen were mostly users deposits
customers do not "need" to pay exchange fault,they will want to recover their money
there is no other way for a business to compensate other than issue IOUs and slowly (but surely?)
repay the ones who lost their coins,although this is going to be one hell of a task,their profit was 1.8 mil $ before the hack
and after the hack the traders confidence will be low and many would flee the exchange,so expect 3-4 years if not more
hero member
Activity: 1918
Merit: 564
How many online exchange wallet threads will it take before people wise up and start taking responsibility for keeping their own coins?  I couldn't sleep at night if I had 25 BTC (example) sitting in ANY online exchange.  You wake up and read about the ooooooops the coins are gone in the local papers.  No thanks.  It makes me nervous when my coins are passing through LBC for like 10 minutes while dealing with a client.  Nothing personal against LBC but online is online!

Aren't they trading?  They can do nothing about it.  Now if you have an idea how to trade continuously while holding your coins in your own wallet then better spill it here.  I agree, idle coins should be kept within our local/offline wallets,  but active coins (used for trading) are needed to be on exchange or platform. 



Seems Yapizon is looking at Bitfinex recovering/payment model when they issue their token. It is quite sad to read this kind of news.

i don't get it
why the hell in the heaven, customers need to 'pays' exchange fault?  Huh Huh Huh

whyyyyyyyyyyyyyyy

It seems they need to borrow money from the users, since they have the authority, they made it compulsory.  And in exchange the users will be given token that will make them earn profit from the sites earning.

legendary
Activity: 1232
Merit: 1091
I wonder how they're doing it. If the wallets are password protected they have to somehow inject troyans with keyloggers. Otherwise they'd only be able to obtain wallet files but would need time to crack them. Maybe the wallets had no passwords? That wouldn't surprise me...

I think it's more like they managed to manipulate the system in such a way, that they are able to request many weigthy withdrawals to their preferred addresses. Even if that isn't the case, the exchange in question could take immediate action by double spending their coins with an insane fee, so that the chances are high that the outgoing transactions from the hackers will drop. As long as there aren't any confirmations, the hackers don't actually own the coins.
newbie
Activity: 58
Merit: 0
i don't get it

why the hell in the heaven, customers need to 'pays' exchange fault?  Huh Huh Huh

whyyyyyyyyyyyyyyy
hero member
Activity: 2184
Merit: 531
I wonder how they're doing it. If the wallets are password protected they have to somehow inject troyans with keyloggers. Otherwise they'd only be able to obtain wallet files but would need time to crack them. Maybe the wallets had no passwords? That wouldn't surprise me...
hero member
Activity: 1792
Merit: 534
Leading Crypto Sports Betting & Casino Platform
It is as if these hacks are carefully orchestrated with every rapid price increase. The price goes up aggressively and a hack goes down on one of

the exchanges. I am not usually a conspiracy theorist but the coincidence and timing of these hacks are pretty predictable with every price

increase these days. The damage after the MtGox  hack is still being felt after all these years.... just image where we would have been, if that

did not happen.  Roll Eyes
It's really weird.  If I were them and I was into stealing thousands of Bitcoin from exchanges, I'd be working on it all the time.  It can't be easy for them to dump so much money on exchanges straight away after they hack one of them, so during a big pump surely wouldn't be the best time (not that this is a huge pump, but 2013 was).
legendary
Activity: 1904
Merit: 1074
It is as if these hacks are carefully orchestrated with every rapid price increase. The price goes up aggressively and a hack goes down on one of

the exchanges. I am not usually a conspiracy theorist but the coincidence and timing of these hacks are pretty predictable with every price

increase these days. The damage after the MtGox  hack is still being felt after all these years.... just image where we would have been, if that

did not happen.  Roll Eyes
legendary
Activity: 2478
Merit: 1360
Don't let others control your BTC -> self custody
It's pretty surprising that it's so damn easy to hack all these exchanges.

Why do they always hold so much money in hot wallets?  It's stupid! ....

also, this one mentions FOUR hot wallets....  LOL?

It's not that uncommon for exchanges to use several hot wallets. It largely depends on the frequency of people cashing out their coins. If people aren't cashing out their coins frequently, it means that less coins need to sit in their hot wallet. But if the opposite is the case, where people constantly withdraw large numbers of coins, they need to stack their hot wallets in order to process everything without any delays - for people's convenience. Main reason for exchanges to operate several hot wallets is to avoid putting everything into one basket. It has all to do with security, which in this case didn't stand a chance as the hacker gained access to all four wallets.
Not uncommon? Maybe.
Stupid? That's for sure.

Why would they need 4 hot wallets if they could have just 1 with a single person responsible for it?
1 Employee sitting in front of a clean machine with only security programs and network monitoring that would immediately show someone connecting from the outside and a single wallet that only you know the pass to.
All trading is done in the API without the access to actual coins.
Hot wallet with a limit of, say 500BTC. Once that is reached and there are no big withdrawals pending, you send half of it to your cold wallet.
This makes your hot wallet handle small payment only and you got only 1 person that manages it. Really handling a couple hundred payments a day is nothing for a full time employee, especially in Asia.
Big numbers are handled by the cold wallet machine that goes online only once a day at random hours for a short while to process the transactions. This is handled by the owners of the exchange with only 2 people having access.
Banks have big vaults guarding the money and bitcoin businesses are so careless.
legendary
Activity: 2016
Merit: 1107
so many exchanges getting hacked lately that it is scary to trade
although this 5 mil $ is not very significant for an exchange,it is more important  that the exchanges are being targeted and
there is no doubt there will be more hacks going on,especially with the price over 1300$
and of course HOT WALLETS, FOUR hot wallets!!! are you being serious?
it is not a major exchange,there is no excuse to keep so many coins,it is not like their daily volume was anywhere near the stolen sum
 >3800 bitcoins stored in hot wallets,basically you were asking to get hacked
legendary
Activity: 2170
Merit: 1427
It's pretty surprising that it's so damn easy to hack all these exchanges.

Why do they always hold so much money in hot wallets?  It's stupid! ....

also, this one mentions FOUR hot wallets....  LOL?

It's not that uncommon for exchanges to use several hot wallets. It largely depends on the frequency of people cashing out their coins. If people aren't cashing out their coins frequently, it means that less coins need to sit in their hot wallet. But if the opposite is the case, where people constantly withdraw large numbers of coins, they need to stack their hot wallets in order to process everything without any delays - for people's convenience. Main reason for exchanges to operate several hot wallets is to avoid putting everything into one basket. It has all to do with security, which in this case didn't stand a chance as the hacker gained access to all four wallets.
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
It's pretty surprising that it's so damn easy to hack all these exchanges.

Why do they always hold so much money in hot wallets?  It's stupid! ....

also, this one mentions FOUR hot wallets....  LOL?
hero member
Activity: 1792
Merit: 534
Leading Crypto Sports Betting & Casino Platform
It's pretty surprising that it's so damn easy to hack all these exchanges.

Why do they always hold so much money in hot wallets?  It's stupid! They only need to hold as much money in hot wallets as they need for the day's transactions.  Multisig transactions are clearly still insecure if they've been hacked so many times.

This isn't even the worst instance of hacking and it's only bad because it's on a smaller exchange.
hero member
Activity: 761
Merit: 606
How many online exchange wallet threads will it take before people wise up and start taking responsibility for keeping their own coins?  I couldn't sleep at night if I had 25 BTC (example) sitting in ANY online exchange.  You wake up and read about the ooooooops the coins are gone in the local papers.  No thanks.  It makes me nervous when my coins are passing through LBC for like 10 minutes while dealing with a client.  Nothing personal against LBC but online is online!
legendary
Activity: 1232
Merit: 1091
It's of course sad for those affected, but the number of stolen coins is too insignificant to even dent the western market. It will just like Bitfinex issue tokens that will eventually lead to users being compensated, which according to the company's annual profits, will take more than 2 years in order for people to get fully compensated. Bitfinex haircut was slightly over 36%, where Yapizon will go with around 37%. It's most likely pure coincidence that the haircut levels are near equal, but it directly sparks as it is somewhat of a similarity.
tyz
legendary
Activity: 3360
Merit: 1533
South Korean Bitcoin Exchange Suffers $5 Million Hack, Issues Bitfinex-Like Tokens

South Korean bitcoin exchange Yapizon was hacked earlier this week, losing more than US$5 million worth of user funds and bitcoin. According to the exchange’s official statement translated by CCN, four hot wallets of the exchange were hacked by an unknown group of hackers. The Yapizon legal team noted that approximately 37 percent of user funds were hacked and exactly 3,816 bitcoins were stolen from the exchange.

https://www.cryptocoinsnews.com/south-korea-yapizon-bitcoin-exchange-hack/
Jump to: