The Korean based exchange Bithumb has been hacked during a security exercise when they were changing their wallet system, losing approximately 30 million dollars in the process; this according to the Twitter feed of the same exchange where they posted the info. This fact has already affected market prices, making them drop, as it is expected everytime that a hack happens.
Bithumb is the sixth largest exchange in trading volume according to CoinMarketCap, just behind really big exchanges like Binance and Huobi, trading more than 300 million dollars daily. The hack chronology is described in their twitter account. Basically what happened is that while doing security upgrades to the system, an attacker (or attackers) managed to get into the accounts of some clients and took their cryptocurrencies.
Fortunately, Bithumb acted swiftly and managed to stop the losses by moving their entire stash of cryptocurrencies in bulk to cold storage, this is, computers not connected to the internet to avoid further manipulation of the crypto assets. They also announced that since they detected the attack, all deposit and withdrawal services have been suspended until further notice; this to avoid more damage until the hack is clarified.
The tweets mention only that they lost 30 million in cryptocurrency, but they don’t detail if this is an attack directed only to a single cryptocurrency, or if it is a mixed kind of attack, where different kinds of cryptos were stolen. It is uncertain how this whole situation will be managed by Bithumb, but they are expected to refund all lost cryptocurrency to their affected clients.
It is too early to try to guess what really happened and how did the attackers managed to withdraw the funds from the wallets, but this confirms the vulnerability of exchanges to coordinated attacks. A report outed by a security firm earlier this year confirmed that more than 1.1 billion dollars worth of cryptocurrency were stolen till June, and that exchanges were the most targeted businesses; that is why organizations like the Financial Services Agency, the Japanese cryptocurrency watchdog, enforce strong security policy compliance; to avoid occurrences like this.