We’re starting a new series chronicling security issues in the general blockchain space. Exchange hacks are one of the reasons we started our DEX adventure. Cryptocurrencies, blockchains, and smart contract technologies have tremendous potential to revolutionize the way our world works, but as with any technological revolution, there will be growing pains. Every piece of code has bugs, and when there’s financial value at stake, there’s incentive to exploit those bugs. We shouldn’t deride the misfortune of others; instead, we should examine these incidents and see what lessons we can collectively draw for our designs and operations of distributed systems.
So, prompted by this past weekend’s Coinrail incident, we introduce our first ‘Hack Attack!’ news flash.
Coinrail, a Korean cryptocurrency exchange with about $2.5M in daily traded volume, detected a cyber intrusion in their system on June 9. The Coinrail team confirmed via a Twitter post a theft of tokens. The hacker stole over $40 million worth of coins, including 2.6 million NPXS tokens (worth $19.5 million), 831 million DENT tokens (worth $6 million), and a host of other tokens. The stolen tokens comprised 30% of users’ funds deposited with Coinrail.
In response, the Coinrail team pulled the exchange offline and moved users’ remaining assets from Coinrail servers to cold storage. The team notified the Korean police and as well as the companies behind each of the affected tokens. Pundi X, the issuer of the NPXS token, froze all NPXS transactions across all exchanges to help with the investigation. NPER and Aston also confirmed freezing their respective tokens. Coinrail announced on June 11 that they made an agreement with DENT to replace all of the users’ stolen DENT funds.
How it happened
South Korean law enforcement is still investigating the hack, so many details have yet to be released. Etherscan does show an address (currently flagged) with the stolen NPXS tokens. It looks like the hacker tried to cash out some of the NPSX tokens, since a transaction shows that 26 million tokens were transferred to IDEX, another exchange, after the hack took place. As of this writing, those tokens are still in a smart contract owned by IDEX. IDEX put out a statement on June 11, confirming that they have some of the stolen NPSX tokens, and that they are being stored safely in the smart contract for the duration of the investigation. In addition, another address purportedly belonging to the hacker is currently flagged as suspected of a ‘phishing’ scam.
A few thoughts we had based on current reporting of this event:
- It’s great to see exchanges and token issuers working together to investigate and protect token holders.
- Kudos to Coinrail for agreeing to reimburse affected users.
- Exchanges may need to spend extra time screening the Ethereum addresses interacting with their platforms. It’s a bit unclear, but it appears some of the addresses involved in the Coinrail hack may have been flagged previously. Are there ways that exchanges can scan for addresses suspected of bad behavior? Does there need to be some sort of industry-wide database or forum to securely share information on attack specifics, so exchanges can learn from each other?
We’ll share how we’ve thought about these issues in the context of building The Ocean over the coming weeks.
Update: Coinrail tweeted a press release (in Korean) yesterday with updates on the attack.
We just launched registration this week! Check out our new website and sign up to claim your OCEAN tokens.