Thailand’s largest crypto exchange moves to disable website withdrawals from 10 February after a user lost $7,400 to suspected desktop malware.
In a decisive move to curb rising cybercrime, Bitkub Online has announced it will permanently disable coin withdrawal services via its website (www.bitkub.com) for all Thai customers.
The suspension, effective from 10 February 2026, marks a significant shift in the platform’s security strategy as it pushes users toward more secure mobile app environments.
The policy change follows a high-profile incident reported within the Bitcoin Thai Community on 4 February. A retail investor claimed their digital wallet had been "hacked," resulting in the loss of 250,000 baht (approximately $7,400).
The victim’s plea for fellow investors to adopt Two-Factor Authentication (2FA) and cold storage solutions quickly went viral, prompting an immediate response from the exchange.
Desktop Vulnerabilities Targeted
Technical analysts within the crypto community suggest the theft was not a breach of Bitkub’s central servers, but rather a targeted phishing attack on the user’s personal computer.
Scammers have reportedly been circulating links to fraudulent "Bitkub Desktop" software or "free coin" giveaways.
Once a user downloads these malicious programmes, attackers gain remote access to their email accounts and private credentials.
Industry experts have long warned that transacting via traditional web browsers on a PC carries a higher risk of "Session Hijacking" compared to the encrypted environments of dedicated mobile applications.
New Security Mandate
To mitigate these risks, Bitkub is mandating a shift to enhanced security protocols. Alongside the termination of web withdrawals, the exchange has issued an urgent five-point safety directive for its millions of users:
Zero-Trust Policy on Links: Users are warned never to click links from unverified sources or download any "desktop" version of the platform.
Biometric Shielding: The exchange is urging the immediate activation of Passkeys and Face Verification, which are significantly harder to bypass than traditional passwords.
Mandatory Multi-Factor Auth: All users are advised to ensure 2FA and OTP (One-Time Passwords) are active for every transaction.
Domain Verification: Investors must rigorously check URL spellings and security certificates before logging in.
According to its press release, Bitkub confirmed that its 24-hour support team remains on high alert. If any irregularity is detected, users must change their passwords immediately and contact the support team to freeze their accounts.