Chinese Bitcoin exchange denies hacking rumors after theft of $2.5M

Think the Chinese authorities will weigh in? Not likely.

David Bisson
@DMBisson

A Chinese Bitcoin trading exchange has denied rumors that it suffered a hacking attack after its users lost a total of $2.5 million in Bitcoins to unknown actors.

On 4 October 2017, OKex, a cryptocurrency exchange which functions as part of the Chinese Bitcoin company OKcoin, acknowledged that several of its users had experienced “abnormal logins” to their accounts in recent months.

For instance, one user spotted someone logging into their account using a Germany-based IP address back in August 2017. That unknown hacker sold all the user’s Bitcoins and canceled all pending orders within an hour, reports HackRead. In so doing, they cost the affected user 200 Bitcoins, or around US $850,000 according to current exchange rates.

Other OKex users have reported similar unauthorized sales of their Bitcoins since then. In total, they’ve lost 600 Bitcoins, which are currently worth about US $2.5 million.

Even so, the Chinese Bitcoin trading exchange isn’t taking responsibility for what happened. Just look at what Lennix Lai, financial market director at OKex and OKcoin, has to say about these instances of theft:

Okay, so what’s OKex’s explanation?

As it reveals in its statement, the Bitcoin trading exchange suspects the hacks occurred because users used passwords that were too simple, didn’t store their passwords securely, logged into their account using a malware-infected computer, or reused the password for another web service that might have suffered a breach.

OKex is therefore urging users to enable two-step verification (2SV) on their accounts by installing the Google Authenticator app onto their mobile devices.

It’s unclear how many OKex users lost Bitcoins to hackers in recent months. As a result, it’s difficult to determine whether the hacking instances were part of a larger campaign targeting the exchange.

They very well could have been. After all, other cryptocurrency platforms have suffered similar thefts since the summer of 2017. It’s not impossible that hackers set their sights on OKex as a whole.

Unfortunately, their decision to do so doesn’t bode well for users wishing to recover their lost funds. OKex hasn’t said anything about working with users to return their stolen Bitcoins. And as most of the world knows by now, the People’s Bank of China declared initial coin offerings illegal at the beginning of September, which means Chinese law enforcement won’t likely get involved.

In the cryptocurrency world, so much rests with each trading platform. Users should therefore do their research and think very carefully before enrolling with a specific service. If they do choose a platform, they need to remember that Bitcoin and other cryptocurrencies aren’t generally insured by entities like the FDIC, and if they are, they are usually covered for up to only a certain amount. That means any sizable losses could likely fall squarely on their shoulders.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.