Euro Security Watch with Mathew J. Schwartz

Anti-Money Laundering (AML) , Blockchain & Cryptocurrency , Breach Notification

Hackers Steal $49 Million in Ethereum From Upbit Exchange

$158 Million Stolen So Far This Year From Cryptocurrency Exchanges
Hackers Steal $49 Million in Ethereum From Upbit Exchange
Hackers stole ethereum valued at 58 billion South Korean won (bank notes pictured) from Upbit (Photo: YunHo Lee, via Flickr/CC)

Poorly secured cryptocurrency exchanges: Hackers and rogue nation states' best friend?

See Also: Webinar | Prisma Access Browser: Boosting Security for Browser-Based Work

Without a doubt, online exchanges trading in bitcoin, monero, litecoin, ethereum and other digital currencies continue to get hacked, fueling many an illicit payday.

The latest victim is South Korean cryptocurrency exchange Upbit, which says hackers stole $49 million worth of Ethereum from its hot wallet.

Hackers struck at 1:06 p.m. local time on Wednesday, moving "342,000 ETH (approximately 58 billion won) ... from the Upbeat ethereum hot wallet to an unknown wallet," Lee Seok-Woo, Upbit's CEO, says in a blog post.

Upbit says it responded immediately to the breach by freezing all cryptocurrency deposits and withdrawals, which it expects to keep in effect for "at least two weeks." For now, all of its cryptocurrency has been transferred from the exchange's internet-connected hot wallet to a cold wallet that is not internet-accessible. The exchange has not said how it got hacked.

"We took immediate actions to protect your assets; no investors' assets were lost," the CEO says. The company has promised to cover the missing ethereum from its own assets, and called on the cryptocurrency community to not accept any transfers from the wallet that hackers used to deposit the stolen assets.

Upbit launched in October 2017 as a joint venture between South Korean app maker Dunamu and U.S.-based Bittrex, a U.S.-based cryptocurrency trading platform.

Heists Continue

The heist shows that cryptocurrency exchanges continue to sport a massive hacker bullseye, for obvious reasons.

One study from June 2017 estimated that the global value of all cryptocurrencies put together was $100 billion, of which 41 percent involved bitcoin, which at the time was seeing its price fluctuate from $2,000 to $3,200. The value of a bitcoin as of Thursday, however, was about $7,500, meaning cryptocurrencies' collective value may now be much higher. Not all of that is being stored in hot wallets, of course, but there appears to still be plenty for the potential taking, and the seemingly nonstop spate of exchanges getting knocked over shows that hackers are continuing to notch numerous successes.

Hackers Move Stolen Funds

Stealing cryptocurrency, of course, is just the start of a longer process by which hackers must then attempt to convert the stolen funds into cash. An array of underground services are designed to help them cash out.

On Thursday, attackers began moving Upbit's stolen ethereum - by that time, worth $52 million - out of the wallet into which it was initially transferred, and into other wallets, which have also now been flagged for their involvement in the Upbit hack.

Likely, the ethereum stolen from Upbit is already being funneled through cryptocurrency tumbling or mixing services to disguise its origin. Such services break up cryptocurrency into very small amounts, move those funds into different wallets, mix them with other funds, and repeat this process any number of times to launder the cryptocurrency. Mixing services can be procured via cybercrime sites, with middlemen taking a cut, of course.

Likely Culprit: North Korea

Upbit hasn't commented on who might have hacked its systems. But one of the main cryptocurrency-hacking culprits remains North Korea, which also appears to have developed its own mixing and tumbling services, experts say.

The lure for the Pyongyang-based regime run by Kim Jong-un is ready cash. Earlier this year, a UN report estimated that Pyongyang had stolen $2 billion via cryptocurrency exchange heists and SWIFT fraud, enabling it to evade U.S. sanctions. The UN said much of the money had been used for developing weapons of mass destruction as well as buying luxury goods (see North Korean Hacking Funds WMD Programs, UN Report Warns).

Cryptocurrency news site Coindesk reported Wednesday that the theft of funds from Upbit marks this year's seventh major exchange heist, following attacks against Cryptopia, DragonEx, Bithumb, Binance, BiTrue and Bitpoint (see Hackers Steal $41 Million Worth of Bitcoins From Binance).

All of those exchanges promised to cover losses, except for Cryptopia, which went out of business. Adding up the stolen funds - based on cryptocurrency values at the time of each theft - equals $158 million.

For cryptocurrency exchange hackers - and most likely, principally the government of North Korea - 2019 has been a very lucrative year. Unless cryptocurrency exchanges can collectively get better defenses in place, that trend looks set to continue in 2020.



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.