South Korean cryptocurrency exchange Coinrail suffered a breach on Sunday that allowed hackers to steal Pundi X (NPXS), NPER (NPER), and Aston (ATX) coins being offered for sale as part of an Initial Coin Offering (ICO).
In a blog post published on Sunday, Coinrail said that around 30 percent of coins stored in its servers were stolen by unknown hackers but two-thirds of them were later recovered after the exchange managed to freeze addresses where hackers had stored the stolen coins. The firm is now working with law enforcement authorities and other exchanges to recover the remaining coins.
Coinrail also announced that 70 percent of coins that were not affected by the hacking operation were moved to a cold wallet to keep them safe in the event of further attacks. Until the investigations are completed and the service is stabilised, customers will neither be able to withdraw or sell coins that are kept in the cold wallet.
"Coin Rail is committed to maximising the protection of your assets, minimising the damage and recovery, and cooperating with criminal investigation agencies in order to catch hackers as criminal measures. At the same time, keep in close contact with the coin developers and follow up We are discussing. The updated contents will be announced on the homepage continuously," the firm added.
Even though Coinrail hasn't quantified its losses yet, South Korea's Yonhap News has estimated that total losses suffered by the exchange were around £28 million.
The theft of ICO tokens during an Initial Coin Offering is a well-known strategy of hackers to steal as much cryptocurrency as possible in one go. In July last year, cryptocurrency trading platform CoinDash suffered a massive breach as soon as it opened an Initial Coin Offering, losing £5.54 million in Etherium coins.
Similarly, Hong Kong-based Bitcoin exchange Bitfinex also suffered a major cyber attack that led to the loss of nearly 120,000 Bitcoins (£52.3 million) and also resulted in the fall of Bitcoin's value by over 20 percent.
Commenting on the latest cyber-attack on Coinrail, Andy Norton, director of threat intelligence at Lastline, told SC Magazine UK that the cryptocurrency marketplace is still immature and provides very little in terms of safeguards to investors.
"It's extremely unlikely that cyber-security controls inside a cryptocurrency exchange are anywhere near the level of controls a FIAT bank would have. These shortcomings, and many other things like the lack of clarity around anti-money laundering controls and knowing your customer requirements will continue to prevent cryptocurrency from going mainstream as a payment method," he added.
According to Reuters, Coinrail's announcement on Sunday resulted in a fall in Bitcoin's value to a two-month low as investors expressed their concern over the security of cryptocurrency transactions as well as over the weak regulation of global cryptocurrency markets.
"It's one more drop in the ocean of crypto-breaches will unlikely drive any substantially new conclusions or concerns. This Bitcoin drop seems to be a temporary fluctuation, investors are now waiting for some good or bad news," said Ilia Kolochenko, CEO and founder of High-Tech Bridge to SC Magazine UK.
"A well-prepared hacking campaign, targeting top Western media agencies, can virtually ruin Bitcoin after releasing fake news about major breaches and subsequent cryptocurrency ban by major countries. People playing short can make unprecedented profits, however, Bitcoin may ultimately never recover at the end of the day," he added.
Weds 21st Nov, 3pm
A practical risk-based approach to implementing GDPR and building a security-aware culture in your organisation.
Brought to you in partnership with Metacompliance
Mon 19th Nov
Brought to you in partnership with Mimecast