A South Korean court has exonerated crypto exchange, Bithumb, from any liabilities arising from an unauthorized intrusion that led to a customer losing thousands of dollars.
According to a report that was first published by the Korea Economic Daily, a client named Ahn Park brought a lawsuit against the company citing remissness. The hacking incident occurred on November 20, 2017, and according to court documents, previously discovered exploits on the platform enabled the hackers to successfully carry out the heist.
The customer argued that the network should have applied sufficient safeguards against similar attacks and so was liable for any losses that would occur in the event of a breach.
Park lost digital currencies worth around 400 million Korean won, which is approximately $350,000. The intruder was able to access his account and siphon funds off the platform in a few hours. The stolen coins were then converted to Ethereum and thereafter distributed to several crypto wallets.
Park asserted that Bithumb had previously been compromised by hackers. This was in July 2017. The intrusion allowed hackers to access records of over 30,000 Bithumb users. He used the incident to highlight the extent of the exchange’s lax security.
According to the plaintiff, the company knew about the underlying server issues that made the site susceptible to hacking but failed to sufficiently patch up the exploits. Hackers apparently used this loophole to steal the customer’s funds.
Park likened Bithumb’s services to those of a financial institution, insisting that such a firm should be held to the same standards as other institutions in the category.
Bithumb distanced itself from any liabilities claiming that it was not a financial institution and therefore not responsible for any financial loses. The company also maintained that it had done its due diligence by notifying the customer about the fund transfers via SMS messages.
The judge noted this account when passing the judgment. He declared that cryptocurrencies are a speculative instrument and not a means of payment, so don’t qualify for financial compensation.
Bithumb’s Breach in June
Bithumb experienced a major hacking attack in June. It led to a loss of about 35 billion Korean won, which is approximately $31 million dollars. The exchange had carried out a security analysis on its platform just days before the incident, which revealed some server-side issues. Bithumb ordered the analysis following an escalation of intrusion attempts.
The firm reported the matter to the Korea Internet & Security Agency (KISA), a government agency that is tasked with investigating cybercrime activities. Investigators from KISA visited Bithumb’s Seoul offices and analyzed the company’s security protocols and servers. Employees were also interviewed.
Bithumb had moved quickly to suspend deposits and withdrawals following the incident to minimize risks. It also shifted a significant portion of its digital assets to cold storage.
The company compensated users who had been affected by the breach, a move that drew applause from industry analysts and observers. Bitcoin entrepreneur, Charlie Shrem, lauded the move saying it was a sign that the industry was becoming more mature.
Crypto Market Regulation in South Korea
The cryptocurrency industry in South Korea lacks a robust set of regulations that protect investors from financial losses in case of pilferage. This is due to a legislative policy that declassifies digital assets as legal tender.
The government of South Korea does not categorize them as a currency or financial asset and so cryptocurrency holdings and earnings are also not taxed. However, crypto regulations targeting taxation are in the works.
Crypto exchanges in the East Asian nation are required to adhere to strict anti-money laundering and know your customer rules. Clients are, for example, not allowed to use anonymous accounts and their identities have to be verified.
Cryptocurrency exchanges are also required to report the transfer of assets to and from foreign platforms to the Financial Services Commission (FSC), which is the oversight body and are barred from trading in Bitcoin futures.
An Emphasis on Security
The South Korean government has stepped up security requirements for cryptocurrency exchanges and now awards a security certification to crypto companies that meet set benchmarks.
Upbit was the first crypto exchange in the country to receive this award dubbed the Information Security Management System (ISMS) license. This was in November. KISA issued the certification, which evaluates over 100 infrastructure security points.
KISA began the analytic campaign after a wave of high profile crypto exchange hacks that saw the industry lose hundreds of millions of dollars to cybercriminals within months.
In August, KISA warned investors that many South Korean exchanges had subpar security and asked them to take extra precautions, especially when dealing with nascent platforms. Crypto exchanges in South Korea with revenues exceeding $100 million are required to have an ISMS license.
Major Crypto Exchange Hackings in South Korea
One of the South Korean exchanges that suffered major hacking attacks in the past two years was Coinrail. The platform lost over $40 million in NPXS, Ethereum, ATX, and DENT tokens following an attack in June.
Another crypto exchange, Youbit, lost about 17 percent of its total digital asset holdings to hacking. The platform suffered two devastating attacks in 2017. The last intrusion, which occurred in December, forced the company to file for bankruptcy.
Hackers also targeted Yapizon last year. The heist led to a 3,800 BTC loss, which was about 40 percent of the company’s total digital assets.
A Regulatory Debate
The South Korean cryptocurrency industry is evolving and this has led to an increase in calls for regulatory changes. Just recently, crypto exchanges CobitCoin, Upbit, Coinplug, Hanbitco, Bithumb, Coinone, and Gopax organized a dialogue session with the country’s National Assembly.
The debate touched on the industry’s know your customer (KYC) and anti-money laundering rules.
That said, client compensation laws have yet to be enacted. This would augment investor confidence in an industry that is rife with incidents of larceny.