For the second time in two weeks, South Korea was hit with a multimillion-dollar cryptocurrency hack. The South Korean exchange Bithumb confirmed on June 20 that 35 billion Korean won (approximately $31.5 million) in coins was stolen. A temporary notice (that has since been removed from the Bithumb website) announced a halt in trading after the exchange revealed that "some cryptocurrencies worth about 35 billion won were seized between late yesterday and early morning today."
The announcement comes just nine days after fellow South Korean exchange Coinrail acknowledged it was robbed of close to 40 billion won (around $35 million at the time) worth of digital assets, and five months after the hack of Japanese exchange Coincheck, which – at roughly $530 million in coins lost – is possibly the largest exchange theft to date.
In each of these hacks, the security shortcomings involve the exchanges' "hot wallets," or wallets that are stored and accessible online. Bitcoin transaction fees have dramatically risen in response to the Bithumb hack: The average transaction costs nearly $3, up from $0.55, and takes 20 minutes to confirm instead of the previous six minutes (at time of writing). This is likely due, in part, to Bithumb's consolidation of its hot wallet inventory to prevent further loss.
Hot wallets are convenient because they serve as staging points for exchange trades. Exchanges typically either deposit or withdraw from these online accounts as a way to simplify the key transfer process. The problem, however, comes when the coins are not moved to cold storage in a prompt manner. Funds are often kept in hot wallets to facilitate short-term day trading as a way to avoid having to manage multiple wallets – but the result is that digital currency left online may be at risk.
"As might be expected, any indication of insecurity in a traded currency leads to a loss in value, and digital currencies are no different," Brian Chappell, senior director for enterprise and solutions architecture at security software company BeyondTrust, told ETHNews. "This latest in a growing line of high-profile, significant thefts of digital currency has already seen bitcoin taking a significant downturn – approaching two percent. While this seems minor – considering the general plummet of around 70 percent from its peak just seven months ago – when this can be seen across all digital currencies, it begins to add up quickly for investors."
Chappell pointed out that online wallets are insecure by design so their owners can use them remotely. Despite this, there is room for the exchanges to secure the wallet environment to make hacking a harder proposition. "Relying less on the security of the individual wallets and more on the underlying systems of the exchanges should lead to an improvement in overall security," Chappell said.