A South Korean court has ruled in favor of the Bithumb exchange after a user was hacked for around $355,000 and moved to sue the firm over the loss.
According to a report from CoinDesk Korea on Tuesday, court documents reveal that Bithumb user Ahn Park said he’d placed 400 million Korean won in his account with Bithumb on Nov. 30 2017 and within hours someone, assumed to be a hacker, had logged into his account and exchanged the cash for ethereum.
Over the same day, Park alleged, Bithumb allowed the ethereum to be transacted out of his wallet four times. As a result, the only funds left when he returned to his account were cryptos worth 121 won (11 U.S. cents) and less than a dollar in cash.
In an attempt to reclaim his funds, Park took Bithumb’s parent firm, Bitsy, to a civil court in the Korean capital Seoul, stating: “Considering that Bithumb offers similar services to the financial sector, it requires a high degree of security measures required by financial institutions.”
He also pointed to a major breach of personal information breach that occurred in Bithumb in April 2017 as a possible leak of his account details, and argued the exchange did not live up to its expected fiduciary obligations to act in the best interests of customers. In the 2017 breach, thousands of Bithumb customers had their personal data stolen after malicious code was placed on the platform. Bitsyreceived penalties of 58 million won from authorities as a result.
In its arguments to court, the exchange said, “According to the Electronic Financial Transactions Act, Bithumb is not responsible for compensation because it is not a financial company, an electronic financier, or an electronic financial assistant. … Since we have strengthened our security policy since the leak of personal information, we have fulfilled our obligation to be an observer.”
The judge overseeing the case ultimately backed Bithumb, agreeing that the Electronic Financial Transactions Act does not apply to the exchange, and adding that cryptocurrency is “mainly used as speculative means, so it cannot be regarded as an electronic means of payment.”
Further, the judge said that it can’t be determined that Park lost his personal data in the April 2017 data breach and suggested that he might have lost his Bithumb login details via a phishing website, or his cellphone might have been hacked.
Finally, regarding the claim that the exchange had not lived up to its fiduciary duty, the court said that was not the case as Bithumb had in fact sent 10 SMS messages to Park about the hacker’s withdrawals to alert him to the fund movements, which must be manually approved by the exchange.