Korea’s Telecom Giant: Country’s Biggest Crypto Exchange Hack Caused by APT
For the third time in two years, Bithumb, South Korea’s biggest crypto exchange, was hacked in June 2018. SK, the country’s telecom giant, stated that the hack was likely caused by APT attacks.
An “advanced persistent threat,” also known as an APT, refers to a network attack in which intruders gain unauthorized access to a network and remain undetected for a long period of time, with access to sensitive information and valuable data.
In an interview with local publications, SK Infosec director Lee Jae-woo said:
“The Bithumb crypto exchange hack is currently being investigated by local financial authorities and the exact reason for the hack has not been revealed by investigators. But, here at SK Infosec, we suspect that the exchange hack was highly likely caused by an APT attack, either by way of infiltrating the computers of employees or the internal system of the exchange.”
Three Scenarios
As a subsidiary of SK, SK Infosec is tasked with investigating various security threats and creating solutions to combat large-scale breaches.
Given that SK has already invested in Korbit, the third biggest crypto exchange in South Korea, and disclosed its intent to integrate cryptocurrencies on OKCashBag (the nation’s most widely utilized mileage system), SK Infosec’s extensive evaluation of the Bithumb breach can be attributed to the conglomerate’s deep-rooted interests in the crypto sector.
Lee suggested that the Bithumb hacking attack was caused by one of the following scenarios:
- Hackers gained access to the internal server by targeting an employee with a targeted phishing attack (spearphishing) and then installing malware directly on the employee’s computer.
- Hackers attacked the internal server directly by initiating an APT attack.
- Hackers targeted a public server, hacked it, and infiltrated the internal server from there.
Researchers at SK Infosec emphasized that the second scenario, involving sophisticated APT attacks, is most likely to be the culprit since Bithumb already experienced two hacks based on the first scenario.
Heavy Criticism From the Media
Chosun, a leading mainstream media outlet in South Korea, reported in June that Bithumb had knowledge of suspicious activities four days before the hacking attack occurred.
Despite its awareness of the suspicious activities, Bithumb was not able to prevent a security breach from impacting its platform and the funds of its users.
Local publications including Chosun reported that the criticism towards Bithumb and other crypto exchanges continued throughout the past 12 months. Local authorities also warned local exchanges regarding their poor security measures and weak internal management systems.
Given that both major exchanges and minor platforms have not been able to protect user funds and prevent security breaches, the government of South Korea may require local exchanges to comply with policies that are on par with banks and regulated financial institutions.
Currently, banks are required to spend 7% of their entire capital on cybersecurity and developing systems that can be utilized in securing user funds. With the government drafting a new crypto regulatory framework, it is possible that the government of South Korea may require crypto exchanges to spend a portion of their funds and capital on improving their security measures.