Coinrail Postmortem

Raw content extract from web search (WebFetch tool not available).

Coinrail Hack — June 10, 2018

Summary

South Korean cryptocurrency exchange Coinrail was hacked in the early morning hours of June 10, 2018, with thieves making off with over $40 million worth of altcoins and tokens. Coinrail was a small exchange (~90th largest at the time, with ~$2M daily volume).

Scope of Loss

• ~30% of tokens held by the exchange were stolen.

• ~$20M worth of NPXS (Pundi X) tokens.

• ~$14M of Aston X.

• ~$6M in Dent tokens.

• Over $1M in TRON.

Root Cause

• Per local police, the hack happened due to a lack of efficient security protocols.

• Networking experts believed the breach was made successful by involuntary support from a machine inside the company that had admin-level access to the internal system (likely insider machine compromise — phishing/malware).

Response

• Coinrail had 70% of reserves in cold storage (unaffected).

• Of the 30% stolen, two-thirds were reportedly frozen by token issuers (NPXS, Pundi X, etc.) cooperating with the exchange.

• The exchange suspended services for an extended audit and partial recovery process.