South Korean Crypto Exchange “Coinrail” Hacked for $40 mil

For what is the second time this year, the Asian crypto markets have been hurt by hackers. “Coinrail,” a major crypto exchange in South Korea, and one of the top 100 crypto exchange companies in the world temporarily lost control over $40 mil worth of crypto.

The hack which was said to have happened in the days between June 7th-10th has been tagged as the second major crypto theft in Asia, after the Japanese Coincheck hack in January; and is among the five biggest thefts in cryptocurrency history.

Coinrail stated that their system was hit by a cyber intrusion which has led to about 30% loss of all digital assets owned by Coinrail.

The statement by the exchange platform on its website states that; “70% of the total coin and token reserves have been confirmed to be safely stored and moved to a cold wallet. Two-thirds of stolen cryptocurrencies were withdrawn or frozen in partnership with related exchanges and coin companies.” For the rest of the currencies, they have hired a cyber investigation unit, reached out to exchanges, and to the developers of affected coins. 

A few different figures are floating around, but there is no official statement regarding how much was stolen/frozen from the exchange.

Sources on the ground

Which is why we have reached out to our friends at CoinLink, a South Korean cryptocurrency exchange and we spoke with the company’s Global Business Development Chief Officer, Sean Lee.

They’ve helped us understand the situation better and provide you with some exclusive data.

How was the hack executed?

EBcoin was supposed to get listed on the exchange on June 11th, which was when a fake email was sent by hackers pretending to be the owner of the coin. The email contained a hacking tool, which is presumed to have been the access point for the hackers.

The investigation

KISA (The Korea Internet Development Agency) is supporting with the Korean police which is leading the investigation. The police are aware of the facts of the situation, as they have been reported by the exchange in front of 300 people. Our report comes from a source of our source, a person that attended the public statement of the company:

KISA received this report on the morning of June 10 and said that it was working closely with the National Police Agency to analyze and uncover the exact cause of the accident.

Additionally, KISA said Coinrail was not ISMS certified. In this regard, even the four cryptographic exchanges (Coin One, Bitsum, Upbit, and Cobit), which are subject to the ISMS certification, are all not certified.

Coinrail announced that it was not a member of the Korea Block Chain Association, which became the issue by publishing autonomous regulations on the Codex Exchange.

It also said it agrees to restore all of the damages that resulted as a consequence to the hack. Once the homepage is working correctly, most users will see that are still owners of most of their assets, as they have been frozen and the company is working on getting them back.

The exchange utilized support from “NPXS,” “NPER,” and “ASTON” development teams to successfully perform freezing or recoveries of 2/3 of affected assets. They also said that they are working on completely mitigating the damage through collaborative exchanges, investigation agencies, and related organizations.

Our sources say that the company responded well to the official visitation by the state’s officials, and that requires preparation and readiness.

Aston’s Report

Coinrail and Aston worked together to mitigate the damage created by the hackers. Out of 210 million ATX that were held by the exchange, 93 million were stolen. These tokens in question were frozen by Aston.

Aston made three different suggestions to Coinrail for dealing with the missing ATX tokens:

These two entities are collaborating heavily on restoring the performance of the exchange and plan to make an official announcement soon.

We will keep in touch with this story, and provide more information as the story develops.


Featured Image via Pexels.

Source: Read Full Article

click fraud detection