According to a recent news published by Korean mainstream media outlet named Hani, Bitkoex – a small crypto exchange in Korea – has released over $650,000 worth of user keys in a group chat. The absurdity was reported this Sunday by the popular Korean media outlet. Leaks of information and security breaches have been a major problem with small cryptocurrency exchanges around the world with a number of incidents coming out in just a matter of months.
Many security experts and business analysts have heavily criticized the business models of these small exchanges, especially after the hack in Coinrail. According to these experts, small crypto exchange platforms try to make maximum profit with minimum investments. While it may be a very good idea to make money but such a business model has no room for putting financial resources towards security and infrastructure control of these platforms, ultimately leaving the cryptocurrency exchanges considerably vulnerable. One of the major insights provided on the matter came from Moon Byung-Ki, department director of SK Infotech, the biggest South Korean telecommunication company’s technology subsidiary.
Moon Byung-Ki said in an interview that small cryptocurrency exchanges are largely focused towards expanding business and user base and usually delay the implementation of security measures that are of high priority in such businesses. Moon Byung-Ki also said in the interview that any skilled hacker can easily breach the security of the small cryptocurrencies operating in China.
According to the report by Hani, an employee working in Bitkoex released a considerable amount of the exchange’s user data including account owner names, public keys and private keys. The information – worth $650,000 – was released for an unknown reason in a group chat of KakaoTalk, the most widely used chat application in Korea with 90% of the share.
This is extraordinarily disturbing because many popular chat applications use end-to-end encryption methods that only keep the information while in transit and destroy it afterward from the servers, but KakaoTalk has no such encryption in place which means that the information could be extracted by any skilled hacker. In this case, the hacker wouldn’t even have to hack into the exchange, he would just have to hack into the KakaoTalk account (which is way easier than taking down a crypto exchange) and retrieve the data.
After the information was revealed by the employee on the KakaoTalk group chat, one of the members of those group chats went on to make that information public. This means that information of accounts containing $650,000 worth of cryptocurrencies now lay in public for any hacker to grab and use to hack the accounts. What’s funny is that there was no hacking effort made in this incident. Instead, the whole ordeal was caused due to the cryptocurrency exchange’s decision to send sensitive information about its users’ accounts in an unsafe messenger app. KakaoTalk doesn’t claim to be the most secure chat application because it is targeted for the general population to connect.