South Korean Court Acquits Crypto Exchange Bithumb In Hack Lawsuit

News | December 27, 2018 By:

South Korean cryptocurrency exchange Bithumb has won a lawsuit in which an investor accused the exchange of allowing hackers to steal his cash and crypto holdings.

According to court documents, the investor, Ahn Park, claimed that on Nov. 30 2017, he placed more than 400 million Korean won ($355,000 USD) in his Bithumb account and within hours an unidentified hacker had compromised his account and exchanged the cash for ethereum, which was then transferred out of his wallet in four different transactions, leaving only 121 korean won ($0.11 USD) in his wallet.

The investor raised an action in South Korea’s civil courts for recovery of the funds, raising questions over the obligations of exchanges, and whether they can be held liable for security breaches to live up to their fiduciary duties. Ahn argued that since Bithumb offers similar services to the financial sector, the exchange should have a high degree of security measures required by financial institutions.

Ahn also alleged that cybercriminals could have acquired his personal information in an October 2017 security breach, wherein over 30,000 Bithumb customers had their personal data stolen after malicious code was placed on the platform.

During the court hearing, Bithumb defended itself and argued that it is not responsible for compensation because it is not a financial company, an electronic financier, or an electronic financial assistant.

“Since we have strengthened our security policy since the leak of personal information, we have fulfilled our obligation to be an observer,” the exchange said.

The judge overseeing the case agreed with Bithumb, statng that cryptocurrency is mainly used as speculative means, so it cannot be regarded as an electronic means of payment.

“In general, virtual currencies cannot be used to buy goods and it is difficult to guarantee their exchange for cash because their value is very volatile,” the judge said. “[Cryptocurrencies] are mainly used for speculative means, [and it] is not reasonable to apply [Korea’s] Electronic Financial Transactions Act to a defendant who brokers virtual currency transactions without the permission of [South Korean regulator] the Financial Services Commission.”

Regarding the April 2017 data breach, the judge said that there was no evidence Ahn was affected by the breach, and that his data may have been compromised in other circumstances, such as through a phishing scam.