Breach Notification , Card Not Present Fraud , Cybercrime

Coinrail Cryptocurrency Exchange in South Korea Hacked

$50 Million Believed Stolen as Exchange Attacks Continue
Coinrail Cryptocurrency Exchange in South Korea Hacked
South Korean cryptocurrency exchange Coinrail's website (pictured) remains offline following a June 10 hack attack.

Yet another cryptocurrency exchange has been hacked, leading to losses worth tens of millions of dollars.

See Also: Cyber Insurance Assessment Readiness Checklist

On Sunday, South Korean exchange Coinrail reported that it had suffered a hack attack early in the day, leading to the loss of 30 percent of all of the cryptocurrency tokens - or coins - that it was storing.

In a statement on the homepage of the Coinrail website, the company said that it has successfully recalled or frozen two-thirds of the stolen coins, thus holding out hope that many of the missing funds might be recovered.

The exchange says it's also moved all of the cryptocurrency that wasn't stolen to cold storage, which refers to cold wallets, or offline storage devices that get be plugged into a PC or server only when required, which makes them safer from hack attacks. Otherwise, cryptocurrency typically gets stored in hot wallets, referring to internet-connected repositories that enable exchanges and service providers to facilitate instant payments (see Sizing Up Crypto Wallet Vulnerabilities).

Coinrail is currently unavailable to users, with the website as of Monday continuing to resolve to a "system maintenance" page and statement about the hack attack and losses.

"The exact damage from the leaked coins/tokens is currently being confirmed, which may require some time," the exchange says in its statement, noting that police are investigating the incident and that the exchange is working closely with coin issuers to try and quickly recover stolen coins.

The exchange says it's been able to freeze stolen NPXS, ATX and NPER coins, referring to fundus X, aston and enper cryptocurrency.

"We apologize for any inconvenience, and we will do our utmost to resolve it" as soon as possible, the statement reads.

$50 Million in Losses?

Prior to the Sunday hack, Coinrail was one of the world's top 100 most active exchanges, with a 24-hour trading volume worth about $2.7 million, according to CoinMarketCap.

While the exchange has yet to quantify the losses, one industry watcher has traced at least some of the stolen funds and said they appear to amount to about $50 million worth of cryptocurrency. It's not clear how much of this the exchange may be able to recover.

If that figure is correct, however, it would represent a fraction of the massive losses suffered by Tokyo-based cryptocurrency exchange Coincheck earlier this year, which lost half a billion dollars' worth of cryptocurrency. Coincheck said its attacker appeared to have obtained the private key used to protect its hot wallet, then used it to gain unauthorized access and drain funds (see Japanese Cryptocurrency Exchange Suffers $530 Million Theft).

It's not clear if the heist had any direct impact on the value of bitcoin or other cryptocurrencies. Over the weekend, the value of bitcoin dropped by 10 percent, according to Coindesk.

In December 2017, bitcoin reached an all-time high of $19,891. But since the beginning of this year, its value has fallen by 50 percent, sitting at about $6,780 early on Monday. The dip has been part of a plunge in the collective value of cryptocurrencies over the course of this year, which has wiped away $42 billion in value, Bloomberg reported on Sunday.

Why Hackers Love Exchanges

Despite the rise and fall in cryptocurrency valuations, criminals' ongoing interest in cryptocurrency exchanges only appears to be intensifying.

"Attackers are moving on from traditional financial targets; from hacking online banks and online stores to hacking crypto exchanges and token wallets. This makes a lot of sense from the attacker's point of view," says Mikko Hypponen, chief research officer of Finnish security firm F-Secure, via Twitter.

Exchanges in particular make ideal targets because they're "small companies with a lot of money" and also "run by startups, with small security teams and no experience," Hypponen adds. "And if you get in, the loot is already anonymized and untrackable."

Criminals attempting to steal or generate cryptocurrency most often target exchanges, according to endpoint security vendor Carbon Black, which reports that over the past six months, there have been more than $1.1 billion in known cryptocurrency-related thefts.

"Of the attacks we identified, cryptocurrency exchanges are the most vulnerable target for cybercriminals, with 27 percent of attacks targeting exchanges directly," Carbon Black says in a new report. "Nearly 21 percent of cryptocurrency attacks target businesses, 14 percent target users directly and 7 percent target governments."

Incident Responder Offers Help

If so many cryptocurrency exchanges appear to remain sitting ducks for hackers, what can be done?

Dubai-based security researcher Matt Comae, founder of security firm Comae Technologies, who was instrumental in helping to tame the May 2017 WannaCry outbreak, in February launched a task force designed to help.

"As more and more news breaks about [cryptocurrency] heists, it's becoming abundantly clear that cryptocurrency exchanges are not prepared to respond to these attacks," Comae said in a blog post in February.

So Comae launched a cybersecurity taskforce for cryptocurrency exchanges, dubbed CCXT, via which he says exchanges can receive free cybersecurity advice or incident response assistance.

"So why is this free? In short, this is an opportunity for everyone to learn together and build a stronger defensive response network," he said.

But it remains to be seen how many cryptocurrency exchanges will take the time - or be around long enough - to learn to get their information security practices in order.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.