Bithumb Hit with Data Leak Charges, Denies Link to Hack
South Korea’s prosecution authorities have indicted Bithumb, one of the country’s largest cryptocurrency exchanges, accusing the platform of leaking sensitive financial data on around 31,000 of its customers.
However, the company claims that the leak – which prosecutors say occurred in 2017 – and a hack worth some USD 6 million that occurred later the same year, were unconnected.
A prosecutor’s office in East Seoul issued court orders to Bithumb and two other companies, travel agency Hana Tour and With Innovation, the operator of hotel booking app Yeogi Eottae.
The prosecution appears keen to draw a link between the data leak and the hack. Per ZDNet Korea, the prosecutor’s office stated, “We submitted [Bithumb’s] case to the court because personal information with […] economic value was leaked on a large scale, and further damage then occurred.”
The same media outlet quoted a Bithumb spokesperson as stating, “We respect the opinion of the prosecution, but [the 2017 hack] was not related to any personal information leak or theft of customers’ cryptocurrency holdings.”
The prosecutor alleges that data on the 31,000 customers affected was stored on a single Bithumb employee’s PC – and that the employee in question was not running antivirus software on their device, nor had they installed basic security updates.
The prosecutor’s statement was damning of all three companies, concluding:
“All three companies failed to take pre-emptive measures to detect vulnerabilities or stop hacking attempts. […] Both Bithumb’s and With Innovation’s revenues have risen quickly over the past three years. Considering how large these companies are, the size of their security spending on data protection has been lacking.”