The South Korean government announced on Wednesday, June 20, that it has formally launched an investigation into the cause of the alleged security breaches at two crypto exchanges, Bithumb and Coinrail. At the time of this writing, Bithumb is the country’s second-largest crypto exchange by volume, behind only the Kakao Corp-backed Upbit, according to Coinmarketcap. Coinrail is the country’s seventh largest crypto exchange.
The government’s notice states:
The Ministry of Science and Information and Communication Technology (hereinafter referred to as ‘Science and Technology Ministry’) and the Korea Internet & Security Agency (KISA) said that they are investigating the cause of the accident caused by the virtual currency leak that occurred in Coinrail and Bithumb.
So far, the authorities have not confirmed that the two exchanges were hacked. Coinrail announced on June 10 that it was hacked with an estimated loss of approximately $40 million. Just 10 days later, on June 19, Bithumb revealed that approximately $31 million worth of its cryptocurrencies was stolen.
Investigating Security Breaches
In its announcement, the Korean government explained:
As soon as a company reports a hacking incident, a KISA accident investigation worker is quickly on the scene and is investigating. In cooperation with the police, the agency will analyze and respond to the cause of the accident.
The Science and Technology Ministry inspected the level of information security of 21 cryptocurrency exchanges from January to March this year. After discovering that “most companies have security weaknesses,” the ministry suggested some additional measures aimed at boosting the exchanges’ security systems.
According to the ministry, 17 companies had a “system access control deficiency” while 16 had “insufficient network isolation.” 17 were found to have “abnormality” in their “monitoring system” and 18 had poor security management of crypto wallets and cryptographic keys. Furthermore, 10 companies needed “crypto security management” and 12 companies had inadequate firewall and security systems.
While the authority confirmed that Coinrail has not implemented additional measures, Bithumb said during the investigation process that it “plans to check the implementation of the recommendations for complementary measures,” the government described.
The ministry says it will encourage the 21 crypto exchanges that were inspected to implement additional measures by the end of the month and will review their security measures again afterwards, reiterating:
We plan to check whether the improvement measures for security vulnerabilities have been completed.
Furthermore, all newly identified crypto exchanges will also be inspected, the ministry informed, clarifying that upon confirmation of a new crypto dealer, security checks will be conducted.