Cryptohack Roundup: Bithumb's Recovery Plan

Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime Cryptohack Roundup: Bithumb's Recovery Plan Also: Cambodia Moves to Combat Online Scam Networks Rashmi Ramesh (rashmiramesh_) • April 9, 2026     Share Post Share Credit Eligible Get Permission Image: Shutterstock Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, Bithumb's recovery plan, Circle criticized, a new Cambodian law to combat online scam networks, Bitcoin Depot hack, panic after Stabble's alleged North Korea link and HypurrFi's domain hijack. See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation Bithumb Moves to Recover Mistaken Bitcoin Payout South Korean crypto exchange Bithumb sued to recover bitcoin mistakenly distributed during a February promotional event reported the Chosun Daily. The exchange asked a court to freeze accounts holding a combined 7 BTC, about $496,000, through a provisional seizure, a legal step that secures assets ahead of a formal judgment. A staff error led Bithumb to distribute roughly 620,000 BTC, worth more than $43 billion at the time, across hundreds of user accounts. The mistake occurred when an employee entered rewards in bitcoin instead of Korean won. The incident triggered a 15% drop in the bitcoin-KRW trading pair on the platform. Bithumb responded by promising compensation at 110% of user losses, reworking internal controls in a bid to make them more secure and setting up an emergency protection fund. While most users returned the mistakenly credited bitcoin, some refused, saying that the exchange bears responsibility for the error. Circle Criticized Over Delayed Freezing of Illicit Funds Blockchain investigator ZachXBT has accused Circle of failing to act quickly enough to freeze funds linked to major crypto exploits. In a thread, ZachXBT cited 15 incidents totaling more than $420 million, saying that Circle's response times undermine its positioning as a safer, regulated alternative in the stablecoin market. The most prominent case cited by ZachXBT involves the recent Drift Protocol exploit, which resulted in losses exceeding $280 million. The investigator said the attacker bridged around 232 million USDC from Solana to Ethereum using Circle's Cross-Chain Transfer Protocol across more than 100 transactions over six hours. Despite the scale and duration of the activity, Circle did not freeze the funds during the laundering window. Blockchain analytics firms said the exploit may be linked to North Korea. ZachXBT also highlighted earlier cases, including the Cetus Protocol exploit, where $61 million in USDC was bridged and later converted before Circle blacklisted the address, reportedly a month after receiving requests to act. In response, Circle said it complies with legal and regulatory requirements, freezing assets only when mandated by law enforcement or court orders. The company said there was a need for broader industry coordination on security and accountability. Circle's USDC is the world's second-largest stablecoin with a circulating supply exceeding $77 billion. Cambodia Passes Law to Combat Online Scam Networks Cambodia has passed a dedicated law to tackle online scams, marking a policy shift as the country faces scrutiny over its role in hosting scam centers, reported the South China Morning Post. The Law on Anti-Technology Fraud, which introduces five new offenses, including cybercrime, organizing scams, recruiting or training scammers, data collection and specialized money laundering. Compounds located throughout Cambodia and other Southeast Asian countries have earned tens of billions of dollars for organized crime through fraud conducted by forced labor engaged in romance and crypto investment scams (see: Breach Roundup: Cambodia Scam Center Crackdown). The law imposes two to five years in prison sentences and fines of up to $125,000 for general offenses. Operators of scam compounds face harsher punishments of up to 10 years in prison and fines reaching $250,000. Cases involving human trafficking, violence or detention can lead to sentences of up to 20 years. The legislation awaits the signature of King Norodom Sihamoni. Missing from the law, a transnational crime expert told the South China Morning Post, are provisions addressing the corruption that has allowed scam centers to flourish in Cambodia. "Without major changes in oversight over the officials tasked with implementation of the law, it is unlikely that the introduction of such a law will result in major changes on the ground," said Jason Tower, a senior expert at the Global Initiative Against Transnational Organized Crime. Bitcoin Depot Discloses $3.7M Hack Bitcoin Depot reported a security breach that led to the theft of approximately $3.7 million in bitcoin. In a filing with the U.S. Securities and Exchange Commission, the Nasdaq-listed firm said it detected unauthorized access to its IT systems on March 23. The attacker gained control of credentials linked to crypto settlement accounts and transferred 50.9 BTC from company wallets. The company said that the breach did not impact customer accounts or data, though an investigation is ongoing. It added that insurance may cover some losses, but recovery is not guaranteed. Stabble Triggers Panic Withdrawals After North Korea Link Allegations Stabble sparked alarm among users after publishing warnings for liquidity providers to withdraw funds, citing potential risks. The decentralized exchange posted a series of emergency messages urging users to act "instantly," though it later clarified that no exploit had occurred. The panic followed claims by blockchain investigator ZachXBT, who alleged that a developer with suspected North Korean links previously worked at Elemental. Stabble amplified these claims by sharing related materials, including a resume and images of the individual, which intensified user concerns. The incident comes amid warnings from U.S. authorities about North Korean operatives infiltrating crypto firms using fake identities. It also follows recent high-profile attacks, including the Drift Protocol exploit and the Radiant Capital hack, both linked to state-backed actors. In response, Stabble said the warnings were precautionary and emphasized that a new team had taken over the project four weeks earlier. The exchange acknowledged that a potentially compromised developer may have been involved about a year ago and pledged to conduct fresh security audits before resuming normal operations. The episode drew criticism from users over the platform's communication and handling of the situation. Stabble defended its actions, stating that its priority was protecting liquidity providers rather than managing public relations. HypurrFi Warns of Domain Hijack HypurrFi warned users not to interact with its website or lending platform after detecting a potential domain hijacking. Founder androolloyd issued an alert stating that the platform's domain has been compromised and should not be used until further notice. The team said that user funds are safe and that its social media accounts are still under control. But it advised users to avoid the application while the investigation continues. HypurrFi operates as a decentralized finance lending and borrowing protocol built on HyperEVM, part of the broader Hyperliquid ecosystem. The platform currently holds around $30 million in total value locked.