A South Korean court ruled on Sept. 25 that the CoinOne cryptocurrency exchange must reimburse 25 million won ($20,800) to an investor after he was hacked. The attacker used the investor’s personal login and password to steal 45 million won, while a daily withdrawal limit of 20 million won was supposed to be in place.
Stolen login details
The theft occurred in late December 2018, when the investor’s CoinOne exchange login details were stolen. An attacker, who had hidden their IP address using a VPN in the Netherlands, converted all of the investor's cryptocurrency holdings into Bitcoin (BTC), which was then withdrawn from the exchange.
The total value of the cryptocurrencies stolen had been around 47.7 million won in late November 2018. However, there was a 20 million won daily withdrawal limit on the account, which should have prevented the full amount from being taken
Safeguards not effective in preventing crypto theft
The investor argued that the exchange should have blocked access from foreign IP addresses that were different than the user's normal access point. However, the court ruled that this was not a necessary safeguard that the exchange should reasonably have employed.
On the failure of the withdrawal limit though, the court ruled that the exchange was responsible, and, therefore, must pay the investor to cover the additional losses over this limit.
In August Cointelegraph reported on CoinOne’s partnerships to improve safety measures.