On the night of June 4 to 5, unknown people hacked a cryptocurrency exchanger bithub.im and they stole about 5 million rubles. To date, about half of the amount of damage has been reimbursed to the victims. This was reported to ForkLog by representatives of the monitoring service BestChange.ru .
According to preliminry data, on the night of the incident, the attackers bypassed the automatic monitoring protection system and the protocols of the moderators’ actions, after which they intercepted the management of the service.
“Hackers, among other things, managed to disable notifications about exchange requests sent to the exchanger administrator via Telegram, as well as completely delete information about exchange requests received from 00:00 to 08:00 Moscow time on June 5. Administration bithub.im I was forced to turn off the service,” said Sarkis Darbinyan, managing partner of the Digital Rights Center law firm, representing the interests of the exchange office.
Representatives bithub.im informed BestChange about the fact of hacking. The exchanger’s account on the monitoring service has been suspended.
Later administration bithub.im she stated that the attackers had access to the management of the exchanger for more than seven hours. All funds received during this period to the exchanger were received not by the administration of the service, but by unknown third parties.
A criminal case has been opened on this fact and a preliminary investigation has been launched.
“Acts committed by unidentified persons or a group of persons may fall under the signs of crimes under Article 272 of the Criminal Code of the Russian Federation “Unlawful access to computer information”, Article 273 of the Criminal Code of the Russian Federation “Creation, use and distribution of malicious computer programs”, as well as Article 159.6 of the Criminal Code “Fraud in the field of computer information””, — Sarkis Darbinyan commented.
During an independent investigation, BestChange identified possible weaknesses in the protection of the hosting and the hacked service.
“Based on the data obtained, the mechanisms for checking suspicious transactions, as well as abnormal behavior for exchange offices with non-round-the-clock service have been improved. Recommendations have been developed for other exchange services, their owners have been informed about the possible imperfection of the security system of the hosting center of the service reg.ru “, – representatives of the monitoring service added.
Since August 5, with the assistance of investors who wished to remain anonymous, BestChange has initiated the first wave of payments to victims. At the moment, 2.1 million rubles have already been reimbursed.
The parties continue to work on establishing all the circumstances of the hacking and eliminating the consequences.
Recall that at the end of June, a non-custodial Blender Wallet was attacked. The attackers allegedly stole about 100 BTC (about $3.2 million at the time of the incident). Especially for ForkLog, experts analyzed this incident in detail.