Bitcoin Declines After Coinrail Cryptocurrency Exchange Hack
11.6.2018 securityweek Cryptocurrency
Another Bitcoin exchange has been hacked, strengthening concerns over the security of exchanges, and causing a further fall in the value of bitcoins.
Coinrail, a relatively small cryptocurrency exchange in South Korea (but still within the world's top 100 exchanges), confirmed an 'intrusion' over the weekend. On Sunday it tweeted, "There has been a cyber intrusion in our system. We're confirming it and some coins (Pundi X, NPXS) are confirmed."
Commenting on Twitter, @peatrykim claims, "The total hacked coins worth 50mil dollars." A South Korean news outlet, Yonhap, suggests that about 40 billion won ($37.28 million) worth of virtual coins were stolen.
Coinrail said that about 30% of its coins were stolen, but also claims to have blocked most of them before they could be cashed out by the hackers. The remaining 70% are now stored in a 'cold wallet' (that is, off-line) and are thought to be safe.
There is no information yet on how the hack was executed, nor who might have been involved. Coinrail is working with law enforcement.
A statement on its website (Google translation) says, "At present , 70% of your coin rail total coin / token reserves have been confirmed to be safely stored and moved to a cold wallet and are in storage. Two-thirds of the coins confirmed to have been leaked are covered by freezing / recalling through consultation with each coach and related exchanges. The remaining one-third of coins are being investigated with investigators, relevant exchanges and coin developers."
Bitcoin, Ethereum and Ripple, the world's largest cryptocurrencies, all declined approximately 5% or 6% over the weekend. Bitcoin has now declined almost 50% for the year, and approximately 65% from its all-time high in December 2017.
In January 2018, 14 South Korean exchanges adopted measures aimed at better protecting users. "Coinrail is not a member of the group that promotes self-regulation to enhance security," commented Kim Jin-Hwa of the Korea Blockchain Industry Association. "It is a minor player in the market and I can see how such small exchanges with lower standards on security level can be exposed to more risks."
F-Secure security expert Mikko Hypponen echoed this sentiment on Twitter. "We see this regularly. Attackers are moving on from traditional financial targets; from hacking online banks and online stores to hacking crypto exchanges and token wallets. This makes a lot of sense from the attacker's point of view," he tweeted. "Cryptocurrency exchanges are ideal targets for attackers. Small companies with a lot of money. Run by startups, with small security teams and no experience. And if you get in, the loot is already anonymized and untrackable."
Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge, also commented on the incident.
"It's one more drop in the ocean of crypto-breaches and it's unlikely to drive any substantially new conclusions or concerns. This Bitcoin drop seems to be a temporary fluctuation, investors are now waiting for some good or bad news," Kolochenko said. "The emerging problem of Bitcoin is its extreme influenceability by third-parties. A well-prepared hacking campaign, targeting top Western media agencies, can virtually ruin Bitcoin after releasing fake news about major breaches and subsequent cryptocurrency ban by major countries. People playing short can make unprecedented profits, however, Bitcoin may ultimately never recover at the end of the day."