Is it me, or has ‘South Korea’ become a byword for ‘poor cryptocurrency exchange security’? It seems that of late, cryptocurrency exchanges in South Korea are surrounded by security issues that are seeing very large-scale hacks take place, hacks that have allowed for the theft of tens of millions of USD worth of crypto-assets. This latest report from Coindesk only highlights that $620,000.00 have been put at risk from the latest security breach, nonetheless though, the nature of this breach is most concerning.
An employee of crypto exchange Bitkoex has allegedly leaked information online, which contained the personal information of 19 customers of the Bitkoex exchange. This information included personal email addresses, wallet addresses and details of how much Karma (KRM) was held by the respective individuals. The full amount of KRM held between these customers, amounts to around $620,000.00.
According to Coindesk:
“Following the event, Bitkoex said the employee posted the message by accident and the exchange has moved the exposed assets to a cold wallet, which is not accessible through the internet. As such, the company asserted no assets have been lost.”
“This is not the first time that user information had been leaked from a Korean crypto exchange. The computer of an employee from Bithumb, one of the largest crypto exchanges in South Korea by trading volume, was hacked earlier last year. Information of as many as 30,000 users on the platform was subsequently leaked.”
You can see the full report for yourself, here-
What is the problem here?
Obviously, this instance is not a case of poor security or poor operations within Bitkoex, however, it does seem as if the exchange has failed to carry out due diligence on their staff. It is imperative that only vital members of the team have access to personal data and thus, these members of staff should be subject to rigorous vetting procedures to ensure they understand why they can’t share their customers personal data online. Surely, the essence of the blockchain means that a crypto exchange can run a large-scale operation, yet only allow a handful of staff to actually be able to see live personal information of this nature?
We should recognise the efficiency in which Bitkoex have dealt with this incident. They have taken appropriate steps to ensure that customers assets remain safe, but, the major problem is that this has been allowed to happen in the first instance. Realistically, their next response should be to provide clearer instructions to staff which stipulate exactly why this sort of thing is unacceptable, perhaps some further training is needed. Finally, we should expect Bitkoex to start to limit who has access to what.
The bigger picture for South Korea is a gloomy one, surely there’s only so much negative news that Korean investors can take?