A recent stream of hacking attacks sees Korea’s Coinrail as its last victim. The exchange suffered a massive breach, and the attack resulted in a theft of $40 million in various tokens.
Hackers’ latest target
Hacking attacks on various institutions that have money to be stolen are nothing new and ever since cryptocurrencies went big, crypto exchanges joined the list of potential targets. This year alone has seen some major crypto exchanges hacked and robbed, with South Korea’s Coinrail being the latest target of cybercriminals.
Despite Coinrail being one of the smaller exchanges in Korea, it was a tempting target, considering the amount of money that moves through it. The hackers recognized it as such and the new attack proves that even the smaller exchanges are not safe. In this case, the amount stolen is at $40 million, taken from the exchange in various altcoins.
The most-affected token is NPXS of which around $19.5 million was stolen. The tokens were originally issued by project Pundi X’s Initial Coin Offering (ICO). In addition to this, the hackers stole $13.8 million from another ICO project called Aston X, who are creating a platform that would help decentralize various documents.
Smaller amounts were taken from other cryptos, including Dent’s $5.8 million and $1.1 million that was taken from TRON.
The information came from data belonging to a wallet address linked to one of the attackers, which was found to be holding even more digital coins, belonging to five more cryptocurrencies which were taken, but in smaller amounts.
The tokens were not stolen from the companies that are issuing them but from the token holders, various individuals that acquired them through trading and ICOs.
해킹공격시도로 인한 시스템 점검중입니다. 일부코인(펀디엑스,NPXS)이 확인되었으며 추가적인 코인피해가 있는지 여부를 확인중입니다. 추후 자세한 사항은 재공지하겠습니다 / There has been an cyber intrusion in our system. We're confirming it and some coins(Pundi X, NPXS) are confirmed.
— coinrail (@Coinrail_Korea) June 10, 2018
What can be done about it?
One of the biggest questions right now is whether the exchange is planning to compensate its customers for the money that they have lost, and if so, how? After the hack of Coincheck at the beginning of the year, Japan’s exchange refunded the affected users. However, it would seem that ICO projects might be the first to react when it comes to this issue.
Pundi had the most tokens stolen, losing around 3% of its token volume in this attack. According to their statement, the stolen tokens are now frozen, while the trading of other coins is currently halted in all exchanges that are offering it, in an attempt to assist the ongoing investigation.
As for the hack itself, it reminds the crypto community that while the world of cryptos remains unregulated there is no real protection for those affected by the attack. Additionally, this can be taken as an example of what can happen when users keep their digital assets within an exchange, instead of storing them safely in a private wallet.