South Korean cryptocurrency exchange Coinrail said it’s cooperating with law enforcement after suffering a hacking attempt.
In a statement posted to its website, Coinrail revealed it was working with police to investigate an incident that might have exposed 30 percent of the total number of coins traded on the exchange. It placed the remaining 70 percent of coins in cold storage, meaning it took them offline so that they couldn’t be traded. The exchange said it will retrieve the coins once it has stabilized its trading service.
The cryptocurrency market didn’t specify the aggregate value of the stolen assets. According to South Korean news agency Yonhap, industry analysts estimate that hackers stole 40 billion won (US$37.2 million) worth of cryptocurrency. 21 billion won worth of Pundi X and 14.9 billion won worth of Aston were among those pilfered cryptocurrency, they explained.
Reuters reported that the heist at Coinrail sent the price of Bitcoin tumbling to a two-months low. It was last trading at approximately $6,755, representing more than a 10 percent drop from its value on 8 June.
In January 2018, 14 major cryptocurrency exchanges in South Korea adopted measures designed to better protect users against heists. Coinrail wasn’t among them. Kim Jin-Hwa, a representative at Korea Blockchain Industry Association, told Reuters why:
Coinrail is not a member of the group that promotes self regulations to enhance security. It is a minor player in the market and I can see how such small exchanges with lower standards on security level can be exposed to more risks.
As a minor player, Coinrail was also not one of the four cryptocurrency exchanges bound by South Korea’s Information Security Management System (ISMS) certification requirement.
Coinrail said that it will continue to work with law enforcement and update its website as it learns more about the incident with investigators.
News of this hacking attempt follows nearly six months after South Korean Bitoin exchange Youbit announced it had filed for bankruptcy and decided to cease all operations after suffering two hacking attacks in 2017.