Topic: [2018-12-26] Court Win for Bithumb in Case of Crypto Investor’s $355K Hack

legendary
Activity: 3094
Merit: 1127
It sounds like the right decision was made. Exchanges can't be held responsible for the carelessness of their users. If there was no security breach to the exchange and other customers were unaffected, we should assume it was the customer's fault.

Exchanges should definitely improve their security options, though. It's not clear whether Park ever received the SMS messages confirming withdrawals from his account. I'd like to see exchanges stop offering SMS for 2-factor authentication and start mandating stronger standards like TOTP.
I don't see anything wrong with SMS 2FA and I much prefer it due to its easy accessibility and the convenience that it gives. Park did file a case where it's clearly seen that this is indeed the user's fault, just like any other where users lose their funds due to their carelessness and then always put the blame on the other side without seeing their own fault. If there were lots of incidents similar to his, then we would see another decision.

The problem with using SMS for 2FA is that your phone number can be fraudulently ported fairly easily. The hackers call your phone company and switch your phone number to a new SIM card under their control. It happens all the time. There have been cryptocurrency thefts from exchange accounts secured by SMS 2FA. Here's one example.

Use token-based (TOTP) authentication. Google Authenticator and similar apps work offline and are always instantly available on your phone or other device. It's just as convenient as SMS but much more secure.
Thanks for sharing! I wasn't aware that this is a possible scenario, because here in my country it's almost impossible for someone to call your SMS provider just to change to any other contact number. And in the link given, that's way too fast, accessing both Coinbase and his Gmail account through the use of SMS authentication. TOTP is a must-have. I have changed my mind. lol
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
It sounds like the right decision was made. Exchanges can't be held responsible for the carelessness of their users. If there was no security breach to the exchange and other customers were unaffected, we should assume it was the customer's fault.

Exchanges should definitely improve their security options, though. It's not clear whether Park ever received the SMS messages confirming withdrawals from his account. I'd like to see exchanges stop offering SMS for 2-factor authentication and start mandating stronger standards like TOTP.
I don't see anything wrong with SMS 2FA and I much prefer it due to its easy accessibility and the convenience that it gives. Park did file a case where it's clearly seen that this is indeed the user's fault, just like any other where users lose their funds due to their carelessness and then always put the blame on the other side without seeing their own fault. If there were lots of incidents similar to his, then we would see another decision.

The problem with using SMS for 2FA is that your phone number can be fraudulently ported fairly easily. The hackers call your phone company and switch your phone number to a new SIM card under their control. It happens all the time. There have been cryptocurrency thefts from exchange accounts secured by SMS 2FA. Here's one example.

Use token-based (TOTP) authentication. Google Authenticator and similar apps work offline and are always instantly available on your phone or other device. It's just as convenient as SMS but much more secure.
legendary
Activity: 3094
Merit: 1127
Further, the judge said that it can’t be determined that Park lost his personal data in the April 2017 data breach and suggested that he might have lost his Bithumb login details via a phishing website, or his cellphone might have been hacked.

Finally, regarding the claim that the exchange had not lived up to its fiduciary duty, the court said that was not the case as Bithumb had in fact sent 10 SMS messages to Park about the hacker’s withdrawals to alert him to the fund movements, which must be manually approved by the exchange.

It sounds like the right decision was made. Exchanges can't be held responsible for the carelessness of their users. If there was no security breach to the exchange and other customers were unaffected, we should assume it was the customer's fault.

Exchanges should definitely improve their security options, though. It's not clear whether Park ever received the SMS messages confirming withdrawals from his account. I'd like to see exchanges stop offering SMS for 2-factor authentication and start mandating stronger standards like TOTP.
I don't see anything wrong with SMS 2FA and I much prefer it due to its easy accessibility and the convenience that it gives. Park did file a case where it's clearly seen that this is indeed the user's fault, just like any other where users lose their funds due to their carelessness and then always put the blame on the other side without seeing their own fault. If there were lots of incidents similar to his, then we would see another decision.
copper member
Activity: 364
Merit: 4
Unless the exchange itself was hacked it is difficult to blame them when someone loses their funds. Normally a hacker will take multiple accounts, so it looks like a user issue whereby he probably got hacked himself via malware.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
Further, the judge said that it can’t be determined that Park lost his personal data in the April 2017 data breach and suggested that he might have lost his Bithumb login details via a phishing website, or his cellphone might have been hacked.

Finally, regarding the claim that the exchange had not lived up to its fiduciary duty, the court said that was not the case as Bithumb had in fact sent 10 SMS messages to Park about the hacker’s withdrawals to alert him to the fund movements, which must be manually approved by the exchange.

It sounds like the right decision was made. Exchanges can't be held responsible for the carelessness of their users. If there was no security breach to the exchange and other customers were unaffected, we should assume it was the customer's fault.

Exchanges should definitely improve their security options, though. It's not clear whether Park ever received the SMS messages confirming withdrawals from his account. I'd like to see exchanges stop offering SMS for 2-factor authentication and start mandating stronger standards like TOTP.
full member
Activity: 694
Merit: 108
santacoin.io
A South Korean court has ruled in favor of the Bithumb exchange after a user was hacked for around $355,000 and moved to sue the firm over the loss.

According to a report from CoinDesk Korea on Tuesday, court documents reveal that Bithumb user Ahn Park said he’d placed 400 million Korean won in his account with Bithumb on Nov. 30 2017 and within hours someone, assumed to be a hacker, had logged into his account and exchanged the cash for ethereum.

Over the same day, Park alleged, Bithumb allowed the ethereum to be transacted out of his wallet four times. As a result, the only funds left when he returned to his account were cryptos worth 121 won (11 U.S. cents) and less than a dollar in cash.

In an attempt to reclaim his funds, Park took Bithumb’s parent firm, Bitsy Korea.com, to a civil court in the Korean capital Seoul, stating: “Considering that Bithumb offers similar services to the financial sector, it requires a high degree of security measures required by financial institutions.”

He also pointed to a major personal information breach that occurred at Bithumb in April 2017 as a possible leak of his account details, and argued the exchange did not live up to its expected fiduciary obligations to act in the best interests of customers. In the 2017 breach, thousands of Bithumb customers had their personal data stolen after malicious code was placed on the platform. Bitsy Korea.com received penalties of 58 million won from authorities as a result.

In its arguments to court, the exchange said, “According to the Electronic Financial Transactions Act, Bithumb is not responsible for compensation because it is not a financial company, an electronic financier, or an electronic financial assistant. … Since we have strengthened our security policy since the leak of personal information, we have fulfilled our obligation to be an observer.”

The judge overseeing the case ultimately backed Bithumb, agreeing that the Electronic Financial Transactions Act does not apply to the exchange, and adding that cryptocurrency is “mainly used as speculative means, so it cannot be regarded as an electronic means of payment.”

Further, the judge said that it can’t be determined that Park lost his personal data in the April 2017 data breach and suggested that he might have lost his Bithumb login details via a phishing website, or his cellphone might have been hacked.

Finally, regarding the claim that the exchange had not lived up to its fiduciary duty, the court said that was not the case as Bithumb had in fact sent 10 SMS messages to Park about the hacker’s withdrawals to alert him to the fund movements, which must be manually approved by the exchange.

CD | https://www.coindesk.com/court-win-for-bithumb-exchange-in-case-of-crypto-investors-355k-hack