Bithumb ‘Partially Liable’ For a Customer’s Crypto Losses in 2017 Hack

There has been mixed news from the courtroom for one of South Korea’s biggest crypto exchanges – with Bithumb found partially liable for a data leak that led to a customer losing just over USD 27,200 back in 2017. However, the trading platform was absolved of blame in two separate and much larger claims.

Per Fn News, a judge in the Seoul Central District Court dismissed a claim from a claimant named only by their surname, Hong, for over USD 126,600, as well as another claim from a claimant surnamed Seo for USD 38,000. However, the third claimant, Jang, was partially successful with their legal bid.

All three stated that they were targeted by phishing attacks from criminals who made use of private information exposed in a 2017 data breach at Bithumb.

Attackers were able to access a database containing client information, including email addresses, telephone numbers, crypto trading statistics, and more.

The court ruled that Bithumb was guilty of negligence and could have done more to prevent the hack.

The court heard that a hacker called Jang’s mobile phone and introduced themselves as a Bithumb Customer Center employee, confirming Jang’s full name, phone number and even providing accurate data on the type and quantity of cryptoassets Jang held.

The hacker went on to state that there had been a suspicious login attempt on their account from overseas, asking for a verification code that had been sent to Jang’s mobile phone in order to help block overseas access.

The court heard that Jang provided the verification code, which the hacker used to convert Jang’s XRP and ethereum (ETH) holdings to fiat. The hacker then bought bitcoin (BTC) with the fiat sum and withdrew this sum to an unknown wallet.

However, the judge stated that Jang was at least partially responsible for the loss due to the fact that the claimant failed to recognize that they were being targeted by a hack and provided data over the phone. However, the judge added that the data had clearly been gathered from the 2017 data breach, and ordered Bithumb to pay Jang over USD 5,000 in damages.

In the other two cases, the judge ruled that data, including email addresses and mobile phone numbers, may have been leaked or obtained from other sources, ruling that there was insufficient evidence to prove Bithumb’s liability.