A South Korean bitcoin exchange called Youbit said (link in Korean) hackers had stolen 17% of its asset reserves and it now plans to file for bankruptcy.
For Yapian, the company that operates the Seoul-based exchange, it was the second breach (paywall) in less than eight months. The company said hackers broke into its so-called hot wallet, an account kept online for holding cryptoassets like bitcoin or ethereum. Youbit, which provides trading for a range of digital assets, said its offline, cold-storage holdings were still intact, and that all customers’ assets will be marked down to 75% of their value.
Youbit is a smaller exchange, but the breach underscores the difficulty such companies have had in protecting digital assets from hackers. The major platform in bitcoin’s early days, Mt. Gox, was originally designed for trading Magic: The Gathering cards. It was the leader until hackers stole from its customers, helping drive the exchange into bankruptcy. More than $70 million in bitcoin was stolen from NiceHash, a cryptocurrency-mining service in Slovenia, earlier this month.
Despite the risks, South Korea is a hotbed for cryptoasset trading—Bithump, one of the biggest digital-asset exchanges by volume, is based there.
South Korea’s Internet and Security Agency (Kisa) began a probe into how the hackers gained access to Youbit’s systems, according to the BBC. The security agency blamed an earlier attack on Youbit on spies working for North Korea.
In modern banking, people generally don’t live in fear of their money being stolen from large financial institutions like JPMorgan or Barclays. Cryptoassets are different because the user has to keep secret cryptographic keys—the credentials for spending coins—safe and secure.
“Key management” is a notoriously difficult challenge for security experts, according to Patrick McCorry, a research associate at University College London. Bitcoin transactions—and thefts—are also irreversible, making breaches even more difficult to contain.