South Korean crypto exchanges hit with $130K privacy fines

South Korean crypto exchanges hit with $130K privacy fines

South Korea’s information regulator has issued substantial fines to a number of cryptocurrency exchanges on Wednesday, following investigations into alleged breaches of data protection.

The Korea Communications Commission, which is tasked with overseeing enforcement of data protection requirements, issued the fines in an amount topping 140 million won, roughly $130,000, alleging insufficient measures had been put in place at certain exchanges to protect the users’ data.

According to announcements made by the Commission, the move is the result of investigations into 10 domestic cryptocurrency exchanges and comes as part of a wider drive in South Korea to tighten regulations and their application at crypto exchanges and associated businesses.

Of the 10 exchanges that were earmarked for investigation, failures were found at eight, with individual fines ranging up to $14,000.

The full list of exchanges and wallet services hit by the fines is as follows: Youbit, Upbit, Coinpia, Eyalabs, Korbit, Coinone, Ripple4y, and Coinplug.

Amongst the most serious of breaches identified were customer records being retained over a year after they had ceased to use the service, in addition to others who were storing sensitive customer information overseas.

According to the chairman of the KCC, Lee Hyo-Sung, their findings suggest the cryptocurrency industry in South Korea needs to tighten its approach to privacy, under threat of strict sanctions.

“While the security threats such as virtual currency speculation and hacking of handling sites are increasing, the actual situation of personal information protection of major virtual currency exchanges is very weak. Therefore, we will try to reduce the damage of users through more strict sanctions,” Lee said.

The move comes at a time of increasing efforts in South Korea to regulate cryptocurrency businesses, including controversial measures that will prevent foreign investors and traders with anonymous accounts from transacting on cryptocurrency exchanges from the end of January.

The regulator has now pledged to draw up guidance for cryptocurrency businesses, including guidelines for managing data connected to wallets, private keys and transactional information. The exchanges that have been fined in this latest round of enforcement action are now required to comply within 30 days, and to submit a full report to the commission within that time frame, indicating the seriousness of the breaches.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true  Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

South Korean exchanges blame North Korea for recent crypto-heists

North Korea is making its mark on the cryptocurrency sphere, and in a nefarious way.

Last Tuesday, South Korean exchange Youbit suffered their second hacking for the year, losing 17% of its total assets and ultimately declaring bankruptcy.

Being only one of several exchange heists recently, cybersecurity firm CrowdStrike’s CEO George Kurtz told CNBC that this recent robbery of Youbit, along with that of Bithumb in July were all perpetrated by North Korean hackers.

In an interview with CNBC, Kurtz says North Korea’s threat in the cryptocurrency space is something to be taken seriously.

“I certainly think it highlights the capabilities that North Korea has in cyber… It’s something a lot of companies should be concerned about, particularly those companies that are dealing in Bitcoin and cryptocurrencies,” he said.

Kurtz isn’t the only cybersecurity expert pointing fingers at North Korea for cryptocurrency heists. Earlier this week, SecureWorks senior security researcher Rafe Pilling issued a warning about a fake job advert targeting cryptocurrency industry professionals through email—a seemingly harmless Microsoft Word attachment triggers the installation of a Remote Access Trojan (RAT) that snoops around the victim’s system to assess if it’s worth looting before installing additional malware to aid the robbery. The attack was attributed to the Lazarus Group—the same group said to be responsible for the WannaCry ransomware, which blackmails users into depositing cryptocurrency tokens lest their files be wiped or publicized, as well as a botched attempt on a $1 billion loot from the Bangladesh Central Bank.

According to Pilling, this attack also originates from North Korea and is highly likely “state-sponsored” considering the fact that such an operation will not go unnoticed in the tightly controlled rogue state—making it highly probable that the spearphishing campaign had at least a certain level of approval from the government.

In an article, FireEye senior cyber threat intelligence analyst Luke McNamara outlines incidents of suspicious activity observed from North Korea which they began observing in 2016. McNamara says that North Korea’s monopoly of criminality in the cryptocurrency space, however, may probably be short-lived, and they might soon have to compete with even more groups with similar intentions.

“…it should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise. While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential. Cyber criminals may no longer be the only nefarious actors in this space,” he concluded.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

South Korean exchanges blame North Korea for recent crypto-heists

North Korea is making its mark on the cryptocurrency sphere, and in a nefarious way.

Last Tuesday, South Korean exchange Youbit suffered their second hacking for the year, losing 17% of its total assets and ultimately declaring bankruptcy.

Being only one of several exchange heists recently, cybersecurity firm CrowdStrike’s CEO George Kurtz told CNBC that this recent robbery of Youbit, along with that of Bithumb in July were all perpetrated by North Korean hackers.

In an interview with CNBC, Kurtz says North Korea’s threat in the cryptocurrency space is something to be taken seriously.

“I certainly think it highlights the capabilities that North Korea has in cyber… It’s something a lot of companies should be concerned about, particularly those companies that are dealing in Bitcoin and cryptocurrencies,” he said.

Kurtz isn’t the only cybersecurity expert pointing fingers at North Korea for cryptocurrency heists. Earlier this week, SecureWorks senior security researcher Rafe Pilling issued a warning about a fake job advert targeting cryptocurrency industry professionals through email—a seemingly harmless Microsoft Word attachment triggers the installation of a Remote Access Trojan (RAT) that snoops around the victim’s system to assess if it’s worth looting before installing additional malware to aid the robbery. The attack was attributed to the Lazarus Group—the same group said to be responsible for the WannaCry ransomware, which blackmails users into depositing cryptocurrency tokens lest their files be wiped or publicized, as well as a botched attempt on a $1 billion loot from the Bangladesh Central Bank.

According to Pilling, this attack also originates from North Korea and is highly likely “state-sponsored” considering the fact that such an operation will not go unnoticed in the tightly controlled rogue state—making it highly probable that the spearphishing campaign had at least a certain level of approval from the government.

In an article, FireEye senior cyber threat intelligence analyst Luke McNamara outlines incidents of suspicious activity observed from North Korea which they began observing in 2016. McNamara says that North Korea’s monopoly of criminality in the cryptocurrency space, however, may probably be short-lived, and they might soon have to compete with even more groups with similar intentions.

“…it should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise. While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential. Cyber criminals may no longer be the only nefarious actors in this space,” he concluded.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

South Korea’s Youbit collapses after second hacking in a year

A cryptocurrency exchange in South Korea has halted its trading operations to staunch the losses it incurred after it was hacked—again—this year.

An apologetic Youbit announced on its official website that “all coins and cash withdrawals and withdrawals will be suspended at 12:00 pm on December 19, 2017.” The company, which allows its customers to buy and sell BTC and other virtual currencies on its platform, said it has already filed for bankruptcy following an external hack that resulted in Youbit losing 17% of its total assets.

“We lost our coin purse due to hacking,” Youbit said in a statement signed by “all employees.” “The coin loss at 4:35 a.m. [Tuesday local time] is about 17% of total assets. The other coins were kept in the cold wallet and there were no additional losses.”

This is the second time this year that Youbit, previously known as Yapizon, has fallen victim to a cyber attack. In April, the company lost 4,000 BTCs—worth over $68 million in today’s trading price—in an attack that the government’s Internet and Security Agency (KISA) claimed was carried by spies working for North Korea. The South Korean agency also suspect North Korea of masterminding the recent attacks on the Bithumb and Coinis exchanges.

Youbit said it did its best “to improve the security, recruitment and system maintenance” following the April incident. That resulted in the company managing “to lower the hot wallet rate.”

However, the recent attack, which happened in less than eight months, has left Youbit with no other choice but to shut down.

Youbit plans to distribute the virtual currencies in its possession, although the company noted that users may not be able to get a full return of their funds.

“Due to bankruptcy, the settlement of cash and coins will be carried out in accordance with all bankruptcy procedures,” the exchange said. “However, in order to minimize the damage to our members, we will arrange for the withdrawal of approximately 75 percent of the balance at 4:00 a.m. on December 19. The rest of the unpaid portion will be paid after the final settlement is completed.”

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

South Korea’s Youbit collapses after second hacking in a year

A cryptocurrency exchange in South Korea has halted its trading operations to staunch the losses it incurred after it was hacked—again—this year.

An apologetic Youbit announced on its official website that “all coins and cash withdrawals and withdrawals will be suspended at 12:00 pm on December 19, 2017.” The company, which allows its customers to buy and sell BTC and other virtual currencies on its platform, said it has already filed for bankruptcy following an external hack that resulted in Youbit losing 17% of its total assets.

“We lost our coin purse due to hacking,” Youbit said in a statement signed by “all employees.” “The coin loss at 4:35 a.m. [Tuesday local time] is about 17% of total assets. The other coins were kept in the cold wallet and there were no additional losses.”

This is the second time this year that Youbit, previously known as Yapizon, has fallen victim to a cyber attack. In April, the company lost 4,000 BTCs—worth over $68 million in today’s trading price—in an attack that the government’s Internet and Security Agency (KISA) claimed was carried by spies working for North Korea. The South Korean agency also suspect North Korea of masterminding the recent attacks on the Bithumb and Coinis exchanges.

Youbit said it did its best “to improve the security, recruitment and system maintenance” following the April incident. That resulted in the company managing “to lower the hot wallet rate.”

However, the recent attack, which happened in less than eight months, has left Youbit with no other choice but to shut down.

Youbit plans to distribute the virtual currencies in its possession, although the company noted that users may not be able to get a full return of their funds.

“Due to bankruptcy, the settlement of cash and coins will be carried out in accordance with all bankruptcy procedures,” the exchange said. “However, in order to minimize the damage to our members, we will arrange for the withdrawal of approximately 75 percent of the balance at 4:00 a.m. on December 19. The rest of the unpaid portion will be paid after the final settlement is completed.”

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.