
Cyber Incident Victim: Bithumb

Date: Jun 2017

Location: South Korea

Summary

A South Korean cryptocurrency exchange suffered a cyberattack resulting in substantial financial losses from customer accounts and theft of personal data from over 31,000 users, including names and contact details. Attackers utilized stolen credentials to conduct voice phishing operations, impersonating company representatives to deceive victims into disclosing authentication details like one-time passwords, enabling unauthorized fund withdrawals. The breach was attributed to compromise of an employee's personal computer rather than direct infiltration of the exchange's core systems or wallets. While the platform asserted no direct access to stored assets occurred, numerous customers reported emptied digital wallets, prompting over 100 complaints to authorities. The exchange announced compensation for affected users.


Description

On June 29, 2017, Bithumb, South Korea’s largest Bitcoin and Ethereum exchange by volume and the fourth-largest Bitcoin exchange globally, detected a cybersecurity breach impacting its users. The attack compromised the personal information of 31,800 website users, including names, mobile phone numbers, and email addresses. Bithumb reported the incident to authorities on June 30, 2017, after confirming unauthorized access. Financial losses emerged rapidly, with one victim reporting the disappearance of Bitcoin equivalent to 10 million won (~$8,700 USD at the time) from their account. A survey of affected users estimated "hundreds of millions of won" had been stolen from approximately 100 investors. Over 100 customers filed formal complaints with South Korea’s National Police Agency cybercrime unit. Bithumb processed over 13,000 Bitcoins in daily trading volume and held a 75.7% share of South Korea’s Bitcoin market at the time, amplifying the breach’s significance.

The attackers leveraged stolen credentials to conduct voice phishing campaigns, impersonating Bithumb executives to deceive victims. In one confirmed case, a fraudster contacted a user claiming suspicion of "foreign hacking transactions" and tricked them into disclosing a one-time password (OTP), enabling the theft of 10 million won. Bithumb asserted that no direct compromise of exchange wallets or internal servers occurred, attributing the breach instead to an employee’s compromised personal computer. Despite this claim, multiple users reported their digital currency wallets being emptied. The exchange announced compensation of up to 100,000 won per affected user for personal information leakage but maintained that customer funds remained technically secure. The incident highlighted vulnerabilities in user authentication processes and third-party access points within cryptocurrency platforms.
