Since the Coinrail attack that led to the theft of up to $40 million in various cryptos, it seems as if a new attack occurs on crypto exchanges every day in Korea. This time – however – it wasn’t a targeted attack, but an employee handling sensitive information carelessly. Private details of 19 accounts were leaked, leaving more than $650,000 worth of crypto vulnerable.
Relaxed Security Protocols
During an interview, Moon Byung-ki (SK Infotech Department Director) attacked the security protocols of South Korea’s small to medium-sized exchanges. He said that such exchanges fail to allocate budgets for security and infrastructure development, leaving user funds and information vulnerable to security breaches. “Small to medium-sized cryptocurrency exchanges delay the implementation of necessary security measures and are only focusing on business expansion,” said Moon.
Not an Attack, but A Data Leak
This week it was the turn of Bitkoex to make the headlines for putting its users at risk. However, unlike other exchanges, Bitkoex’s data breach was caused by an employee who inadvertently shared confidential information through an unencrypted messaging platform.
The unnamed employee transmitted 19 users’ email addresses, wallet addresses, and private keys via a group chat on KakaoTalk, a barebones chat platform. Unlike Telegram or Signal, KakaoTalk doesn’t have end-to-end encryption or self-destructing messages. It enjoys a 90% market share in South Korea thanks to its simplicity and ease of use.
South Korean Exchanges Having A Hard Time
Bitkoex has received a lot of criticism for its actions following the data leak. It reportedly took the exchange a number of hours to move the holdings of the vulnerable accounts to cold storage. Prior to its launch back in May, Bitkoex promised its users that it had integrated a security system on par with existing financial institutions.
Just a few weeks ago, Bithumb was hit by an attack and lost in excess of $30 million. Since its launch back in 2013, Bithumb has established a reputation for being a secure exchange, with it once carrying a 24-hour trade volume of over $374 million. Back at the start of June, Coinrail was also hit by an attack and lost an estimated $40 million of client funds.
Calls for Tougher Employee Regulation
There is no cure for ineptitude, so employee mistakes can happen, even within a potentially large-scale crypto exchange operation. With Bitkoex only being launched in May, this data leak could be put down to a lack of staff training. Whatever the reason, such a large mistake at the beginning of its life could really hurt the South Korean crypto exchange.
This data leak is one of the first confirmed reports of its kind in the crypto world. The only other notable time when an employee went rogue was in 2014, when Ghash controlled 55% of the Bitcoin network’s hash power. The employee managed to double spend a small amount of Bitcoin, raising some serious security concerns in the process.
In the traditional financial sector, employees who have access to sensitive client account data use machines that have a limited range of applications installed and a very limited internet connection. This means that chat apps and similar sites would be blocked. By implementing tougher employee protocols – such as strict web filters – accidental data leaks of this nature will become a thing of the past.