South Korean Crypto Exchange “Coinrail” Hacked for $40 mil


For the second time this year, the Asian crypto markets have been hurt by hackers. “Coinrail,” a major crypto exchange in South Korea and one of the top 100 crypto exchange companies in the world, temporarily lost control of over $40 million worth of crypto.

The hack, which is said to have happened between June 7th and 10th, has been tagged as the second major crypto theft in Asia after the Japanese Coincheck hack in January, and it is among the five biggest thefts in cryptocurrency history.

Coinrail stated that its system was hit by a cyber intrusion which led to the loss of about 30% of all digital assets owned by Coinrail.

The statement by the exchange platform on its website reads: “70% of the total coin and token reserves have been confirmed to be safely stored and moved to a cold wallet. Two-thirds of stolen cryptocurrencies were withdrawn or frozen in partnership with related exchanges and coin companies.” For the rest of the currencies, they have hired a cyber investigation unit and reached out to exchanges and to the developers of affected coins.

A few different figures are floating around, but there is no official statement regarding how much was stolen/frozen from the exchange.

Sources on the ground

This is why we reached out to our friends at CoinLink, a South Korean cryptocurrency exchange, and spoke with the company’s Global Business Development Chief Officer, Sean Lee.

They’ve helped us understand the situation better and provide you with some exclusive data.

How was the hack executed?

EBcoin was supposed to get listed on the exchange on June 11th, which was when a fake email was sent by hackers pretending to be the owner of the coin. The email contained a hacking tool, which is presumed to have been the access point for the hackers.

The investigation

KISA (The Korea Internet Development Agency) is supporting the Korean police, who are leading the investigation. The police are aware of the facts of the situation, as they have been reported by the exchange in front of 300 people. Our report comes from a source of our source, a person who attended the public statement of the company:

  1. Most attention is focused on the tokens that have not yet been solved. Prioritization of unsecured assets is on the top level for CoinLink.
  2. Cold wallets secured 70% of the assets, and these are completely accessible and available resources.
  3. There is a possibility of solving these problems through fund management and ASTON.
  4. The chief investigator is a member of the Korean Cyber Police, and he is the primary interviewer for the Police Agency. Our source didn’t see it fit to reveal their identity to us, and we can respect that decision.
  5. May 31st may be an essential date associated with this event, as multiple exchanges in Korea simultaneously received what seems to be “test emails.” Details are inconclusive.
  6. More than 20 people work for this company, and they all represent a point of failure for the system.
  7. Our source met with the development and marketing team leaders of the company, who explained: “We are doing the best we can to help the company identify the methodology and prevent this in the future. For now, we are focused on mitigating the damage this breach has created.”
  8. The capital and exchange are relatively small compared to the broader crypto markets and top performing exchanges.

KISA received this report on the morning of June 10 and said that it was working closely with the National Police Agency to analyze and uncover the exact cause of the accident.

Additionally, KISA said Coinrail was not ISMS certified. In this regard, even the four cryptocurrency exchanges that are subject to ISMS certification (Coinone, Bithumb, Upbit, and Korbit) are not certified.

Coinrail announced that it was not a member of the Korea Block Chain Association, which became the issue by publishing autonomous regulations on the Codex Exchange.

It also said it agrees to restore all of the damages that resulted from the hack. Once the homepage is working correctly, most users will see that they are still owners of most of their assets, as they have been frozen and the company is working on getting them back.

The exchange utilized support from “NPXS,” “NPER,” and “ASTON” development teams to successfully perform freezing or recoveries of 2/3 of affected assets. They also said that they are working on completely mitigating the damage through collaborative exchanges, investigation agencies, and related organizations.

Our sources say that the company responded well to the official visitation by the state’s officials, and that requires preparation and readiness.

Aston’s Report

Coinrail and Aston worked together to mitigate the damage created by the hackers. Out of 210 million ATX that were held by the exchange, 93 million were stolen. These tokens in question were frozen by Aston.

Aston made three different suggestions to Coinrail for dealing with the missing ATX tokens:

  1. The stolen 93 million ATX tokens, to be swapped by issuing a new Aston coin, preserving 100% of the damage after a coin swap takes place.
  2. After the exchange normalizes, 40 million ATX tokens will be provided by the Aston team, making regular trading available before being swapped to Aston Coin.
  3. Both Aston and Coinrail will support the remaining 53 million ATX.

These two entities are collaborating heavily on restoring the performance of the exchange and plan to make an official announcement soon.

We will keep in touch with this story, and provide more information as the story develops.
