The hacker managed to gain ownership of the user’s personal login and password, and took out from the account 45 million won, even though there was supposed to be a daily withdraw limit of 20 million won.
The funds were stolen on December 2018, when the CoinOne user had his account compromised by the hacker. The attacker apparently hid his IP address by using a VPN in the Netherlands, exchanged all of the investor’s cryptocurrency holdings into Bitcoin (BTC), and then proceeded to withdraw them from the account.
The financial damages of the hack are estimated at around 47.7 million won at the prices of late November 2018. The problem is that the 20 million won daily withdrawal limit on the account did not prevent the hacker from withdrawing the entire amount, which could have saved some of the investor’s money.
The investor also pointed out that the exchange should have restricted any foreign IP addresses that differs from the user’s normal sign-in location from accessing the account. But the court ruling stated that this was not a required security measure that should have been implemented by CoinOne.
The court ruling also stated that CoinOne had to take responsibility for the withdrawal limit not working and, therefore, had to pay the losses that the investor sustained over the limit.
Back in August, CoinOne partnered with cybersecurity audit company CertiK and disclosures company Xangle in order to enhance the safety and transparency of tri crypto accounts.
Also, in August, CoinOne suddenly shut down its Malta-based exchange platform CGEX after less than a year of operations. No further details were given by the South Korean exchange for the sudden closure.
Featured image: ICO Now