South Korean cryptocurrency exchange Coinrail has reportedly been hacked, suffering a theft of over $37 million in cryptocurrency.
Coinrail itself has confirmed what it calls a “cyber intrusion” via its official Twitter account. The tweet says that the exchange has suspended its services until further notice while they investigate the issue.
While Coinrail itself has not confirmed exactly how many tokens have been stolen, media outlets are reporting over 40 billion won in ERC20 tokens were stolen (roughly $37.2 million USD equivalent). Coinrail says the ERC20 tokens stolen include ATC, NPER, and Pundi X’s NPXS token.
Pundi X took the brunt of the theft, and in a blog post the Pundi X team says that the hacker made off with 2.6 billion NPXS, 93 million ATX, 831 million DENT, and 1,927 ethereum. Data from the wallet where the tokens ended up also show that additional tokens were stolen such as Tron’s TRX tokens.
After the intrusion, the hacker then moved 26 million NPXS tokens to decentralized crypto exchange IDEX in an attempt to sell the tokens, however, IDEX was able to freeze the coins before they could be sold. In addition, Pundi X has launched an “emergency security protocol” to pause all NPXS transactions to further investigate the hack that resulted in 3 percent of its total supply ending up in the hands of cyber criminals.
As a precaution, Coinrail has moved nearly two thirds of its total tokens to an offline cold wallet for safekeeping. The remaining tokens, Coinrail says “are being investigated with investigators, relevant exchanges and coin developers.”
CoinMarketCap data ranks Coinrail as the 90th largest cryptocurrency exchange by volume. A recent report by security firm Carbon Black says that over $1 billion in cryptocurrency has been stolen in the first half of 2018. Coinrail’s hack is among the first major hacks in the second half of the calendar year.