Skip to main content

After Second Hack This Year, South Korean Exchange Youbit Closes Down

Privacy & security - After Second Hack This Year

South Korean exchange Youbit announced on its website today that it is closing down after a hack early Tuesday, December 19, 2017, that resulted in the loss of 17 percent of its assets.

The exchange, previously known as Yapizon, did not indicate how many bitcoins or other cryptocurrencies were stolen or what the total fiat value of the attack amounted to, but it was enough to lead to bankruptcy.

This was the second hack the exchange suffered this year. A prior attack in April 2017, resulted in the loss of 3,816 bitcoins, worth around $5 million at the time.

Youbit said hackers broke into its hot wallet, the online account used to pay out cryptocurrencies instantly. While hot wallets offer greater convenience, they also put funds at greater risk because they are connected to the internet.

The remaining coins were kept offline in a cold wallet, the exchange said, resulting in no additional losses. The exchange indicated that customers could withdraw up to 75 percent of their balances, and the rest would be tallied out after the final settlement.

Korea Internet & Security Agency (KISA), the state agency that responds to cyberattacks, is investigating the incident, as reported in Reuters. KISA has maintained that North Korean hackers were behind the first hack.

Chris Doman, threat engineer at software security company AlienVault, told Bitcoin Magazine, he suspects BlueNoroff, a subgroup of North Korea’s cyber crime group Lazarus is responsible for the second Youbit attack. Lazarus is known for the November 2014 hack on Sony Pictures Entertainment, one of the biggest corporate breaches in history.

While attacks by Lazarus have mainly been aimed at social disruption, recent reports indicate the group is increasingly going after money. With the value of bitcoin surging to all-time highs, exchanges are becoming a lucrative target.

“The first time I saw them target a Bitcoin company was in May this year — the same month they unleashed WannaCry,” Doman said in a statement shared with Bitcoin Magazine.

The exchange that Doman was refering to is South Korean Bitcoin exchange Bithumb. Around that same time, WannaCry ransomware attacks were encrypting user’s computers and offering to de-encrypt them in exchange for bitcoin. Analysis of the techniques used in the WannaCry attacks show strong links to Lazarus.

Doman added, “They’ve also used related malware to opportunistically mine Monero coins on compromised servers. Clearly they have a large interest in cryptocurrencies as an easy method for economic gain, as well as an opportunity to economically weaken their enemies.”

Although Youbit is one of the smaller bitcoin exchanges, the hack underscores the risk involved in leaving funds on an exchange, where control of those funds is handed over to a third party and is only as safe as whatever security measures that exchange chooses to use.

Throughout the history of Bitcoin, hacks have amounted to painful losses. When bitcoin exchange Mt. Gox began liquidation proceedings in April 2014, the company announced that approximately 850,000 bitcoins were missing, an amount valued at more than $450 million at the time. In August 2016, the Bitcoin exchange Bitfinex announced hackers stole approximately 120,000 BTC, worth $72 million at the time.