A South Korean Bitcoin exchange has been forced to close after suffering another major cyber-attack.
Youbit claimed it was “very sorry” but has filed for bankruptcy after it suffered the cyber-attack, less than eight months after the first.
In a statement in Korean on its homepage the firm said it had lost 17% of its assets in the raid, with all deposits and withdrawals now halted.
However, customers will get back the majority of their investments — with the firm promising to use cyber-insurance cover and money gleaned from selling its operating rights to pay them back.
It explained in the translated statement:
“Due to bankruptcy, the settlement of cash and coins will be carried out in accordance with all bankruptcy procedures. However, in order to minimize the damage to our members, we will arrange for the withdrawal of approximately 75% of the balance at 4:00 a.m. on Dec 19. The rest of the unpaid portion will be paid after the final settlement is completed.”
The incident highlights the increasing scrutiny being placed on crypto-currency exchanges by cyber-criminals keen to make a fast buck.
In April, Youbit lost 4,000 Bitcoins ($73m) to hackers, with South Korea’s Internet and Security Agency (Kisa) blaming the rogue nation over the border for the raid.
North Korean hackers are also thought to have been targeting crypto-currency insiders in London in a bid to steal credentials.
The hermit nation sees crypto-currency as one way to keep funds flowing into the country in the face of tightening sanctions put in place as a result of its continued nuclear testing.
Leigh-Anne Galloway, cyber-resilience lead at Positive Technologies, argues that Bitcoin exchanges need to get the basics right when it comes to cybersecurity.
“Firstly, server infrastructure and the applications that host cryptocurrencies need to be seen as a security risk — as this is a vector for attack we have seen time and time again. No matter how secure a currency is, if the web application, mobile application, server or network the currency operates on is vulnerable, the contents are at risk,” she explained.
“Secondly, there needs to be a greater focus on preventing social engineering attacks — protecting against website clones and educating users to avoid malicious websites and apps as quick as possible.”