June 12, 2018 at
Latest hacking attack hits an exchange in South Korea
Hacking attacks on various institutions that have money to be stolen is nothing new, and ever since cryptocurrencies went big, crypto exchanges joined the list of potential targets. This year alone has had some of the major crypto exchanges hacked and robbed, with South Korea’s Coinrail being the latest target of cybercriminals.
Despite the fact that Coinrail is one of the smaller exchanges in Korea, it still stands as a valid target, considering the amount of money that goes through it. The hackers have recognized it as such, and the new attack proves that even the smaller exchanges can be robbed of a large amount. In this case, the amount stolen is at $40 million, taken from the exchange in various altcoins.
The most-affected token is NPXS, and hackers seem to have stolen around $19.5 million in this crypto’s units. The tokens were originally issued by project Pundi X’s Initial Coin Offering (ICO). In addition to this, the hackers also stole $13.8 million from another ICO project called Aston X. This is a project tasked with creating a platform that would help decentralize various documents.
Smaller amounts were taken from other cryptos, including Dent’s $5.8 million, as well as $1.1 million that was taken from TRON.
All of this information came from data belonging to a wallet address linked to one of the attackers. The wallet was also found to be holding even more digital coins, belonging to five more cryptocurrencies which were taken, but in much smaller amount.
It is important to mention that the stolen tokens were not taken from the companies that are issuing them. Instead, the victims of the attack are the token holders, various individuals that acquired them through trading and ICOs.
해킹공격시도로 인한 시스템 점검중입니다. 일부코인(펀디엑스,NPXS)이 확인되었으며 추가적인 코인피해가 있는지 여부를 확인중입니다. 추후 자세한 사항은 재공지하겠습니다 / There has been an cyber intrusion in our system. We’re confirming it and some coins(Pundi X, NPXS) are confirmed.
— coinrail (@Coinrail_Korea) June 10, 2018
What can be done about it?
One of the biggest questions right now is whether the exchange is planning to compensate its customers for the money that they have lost, and if so, how? After the hack of Coincheck at the beginning of the year, Japan’s exchange did go through with refunding the affected users. However, it would seem that ICO projects might be the first to react when it comes to this issue.
The one with the most of the stolen tokens was Pundi, which lost around 3% of its token volume in this attack. According to their statement, the stolen tokens are now frozen, while the trading of other coins is currently halted in all exchanges that are offering it. This was done in an attempt to assist the ongoing investigation that has seen the involvement of the country’s police.
The same act of freezing the stolen coins was also done by Aston, as well as NPER, which has stated that it plans to incinerate the coins, so that the attackers would not be able to use them.
Other of the affected projects have not yet issued comments on the situation, or how they plan to deal with it. However, Coinrail did state that around two-thirds of the stolen coins are already frozen, and the remaining ones will probably be affected soon enough.
Following the attacks, Coinrail went offline and stated that it is moving what remains of its assets to a cold storage until the investigation was finished, and the vulnerabilities in its security system are removed.
Another consequence of the attack, at least according to some, is the price of Bitcoin (BTC) going down by more than 5%. However, many believe that these two events are not connected, due to Coinrail’s obscurity.
As for the hack itself, it has reminded the crypto community once again that the world of cryptos is still highly unregulated, and that there is no real protection that can be provided to those affected by the attack. Additionally, this can be taken as an example of what can happen when users keep their digital assets within an exchange, instead of storing them safely in a private wallet.