Hackers stole as much as £37.6 million in Ethereum cryptocurrency from South Korean cryptocurrency trading website Upbit this morning, forcing the exchange to shut down operations for at least two weeks.
The theft of 342,000 Ethereum valuing 58 billion won in total by unnamed hackers was announced by Lee Seok-woo, the CEO of Upbit, via a security notice on the exchange's website today.
"At 1:06 PM on November 27, 2019, 342,000 ETH (approximately 58 billion won) were transferred from the Upbit Ethereum Hot Wallet to an unknown wallet. Unknown wallet address is 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029," he said.
Addressing investors of Upbit, Seok-woo said that the theft took place from the firm's Ethereum hot wallet and prompt response from Upbit ensured that no investors' assets were lost. The firm is now in the process of replacing the 342,000 Ethereum stolen by hackers and until the process is completed, all crypto-asset deposits and withdrawals will remain suspended.
In the meantime, the firm will also transfer all crypto-assets from its hot wallets to more-secure cold wallets and will keep trading postponed for at least two weeks. Trading will resume once the stolen Ethereum assets are completely replaced.
Seok-woo also revealed the hacker's cryptocurrency wallet address where £37.6m worth of Ethereum was transferred and requested the crypto community's support in blocking deposits from the hacker's wallet.
Cryptocurrency exchanges are now the favourite targets of hackers
Cryptocurrency exchanges have been targeted by hackers frequently over the past few years because of the vast sums of crypto-assets they hold and trade and also because the anonymity that cryptocurrency guarantees during purchases.
In 2017, popular South Korean cryptocurrency exchange Youbit was forced to declare bankruptcy after a major cyber-attack on its servers wiped out 17% of its overall assets. Following the attack, Youbit announced that it had halted all deposits and withdrawals and that it would disburse all cryptocurrency in its possession.
A cyber-attack on Bithumb, South Korea's largest ethereum cryptocurrency exchange, in the same year also resulted in a loss of over $1 million in digital coins. The hackers also compromised details of 30,000 customers and proceeded to dry up customers' Bithumb accounts using stolen passwords.
In February last year, BitGrail, a leading Italian cryptocurrency exchange, lost almost 17 million Nano cryptocurrency to unauthorised transactions, thereby suffering losses of up to $170 million in real money. Left with only 4 million Nano cryptocurrency after the theft took place, Bitgrail was left unable to refund customers who had lost their crypto-assets.
"No matter how secure a currency is, if the web application, mobile application, server or network the currency operates on is vulnerable, the contents are at risk. Secondly, there needs to be a greater focus on preventing social engineering attacks - protecting against website clones and educating users to avoid malicious websites and apps as quick as possible.
"If cybersecurity continues to be a second thought, we will continue to see sustained attacks that damage the reputation of virtual currencies as a whole, and ultimately results innocent users losing their money to criminals," said Leigh-Anne Galloway, Cyber Resilience Lead at Positive.com to TEISS.