In the old days the bank robbers would rob the local town and ride off into the sunset. The new version is a little less easy to see. Coinrail, a South Korean cryptocurrency exchange, has announced that it was hacked on 10 June. That’s a polite phrase for “our customers lost a lot of coins”.
The cyberattack resulted in more than $40 million USD worth of altcoins (coins that aren’t bitcoin or Ethereum) being stolen. This represented around 30% of coins traded on the exchange. Quite a substantial amount, considering Coinrail is a smaller cryptocurrency exchange!
The companies issuing the tokens were not themselves hacked. Rather, it was the tokens belonging to Coinrail users on the website – sort of like their deposit boxes in old bank terms. In response, Coinrail said had frozen two thirds of the stolen tokens. The remaining 70% of cryptocurrency which was not stolen has been moved to a “cold wallet” which is not accessible on the internet.
The Coinrail hack is said to be the fifth major coin exchange theft to happen this year alone. Coincheck, a Japanese exchange, claimed it lost 3% of its tokens in an attack in January this year, amounting to about $400 million worth of tokens. BitGrail in Italy was attacked in February, and lost over $200 million worth of cryptocurrency in minutes.
Reports on the attack have highlighted the lack of regulation in this space. Governments are still catching up in regulating cryptocurrency exchanges – Japan has a licensing system for cryptocurrency exchanges and is establishing a self-regulatory body for the industry. In April Australia also launched new regulations. Victims of cryptocurrency hacks currently have little recourse for getting their money back. Coincheck chose to reimburse the 260,000 customers affected by their hack, out of its own capital. However it is still facing class actions from disgruntled customers. The problem with cyberspace is you can’t just form a posse and chase the robbers like the “old wild west”.