Coinrail, the seventh-largest cryptocurrency exchange in Korea, was hacked last week. The hackers made off with around 3.6 billion coins worth around 40 billion won ($36.9 million).
The heist sent a shockwave through the Korean cryptocurrency market, pulling down the price of coins and tokens across the board.
Following the incident, the value of bitcoin, the most well-known cryptocurrency, tumbled by about 7 percent to fall below 8 billion won in Korea for the first time since April.
Here are the basics on how cryptocurrency exchanges can be compromised.
How safe are exchanges?
Currently, there are no government regulations on cryptocurrency buyers other than the requirement that they use bank accounts linked to their real name, which was introduced in January.
The top four exchanges in Korea (Upbit, Bithumb, Coinone and Korbit) are required to adopt an information security management system (ISMS) certified by the state-owned Korea Internet & Security Agency (KISA) by the end of the year. This security requirement only applies to information and telecommunication service providers that have annual revenue over 10 billion won or over 1 million daily users. Smaller exchanges that don’t meet these requirements don’t have to use a security management system.
None of Korea’s cryptocurrency exchanges, however, have actually received the certification yet, though they have announced plans to introduce ISMS systems later this year.
The only foolproof cryptocurrency security method is storing it in a cold wallet, which is not connected to the internet. Most cryptocurrency is stored on hot wallets, which are connected to the internet.
The Korea Blockchain Association recommends that cryptocurrency exchange clients save at least 70 percent of their cryptocurrency holdings in a cold wallet.
How do hackers steal information from exchanges?
The most common way of stealing cryptocurrencies is hacking the exchanges, which is much easier than trying to manipulate the cryptocurrencies themselves. Some hackers have also used malware to harvest the personal information of cryptocurrency owners.
According to U.S. security company Carbon Black, 27 percent of total hacks this year targeted cryptocurrency exchanges.
In most cases, hackers try to steal information, such as account holders’ private keys, and then transfer the victims’ cryptocurrency to their own accounts.
What can a hacker do with stolen cryptocurrency?
It’s unclear exactly what hackers can do with stolen coins. The decentralized ledger means it is difficult for thieves to immediately start trading or spending their ill-gotten funds, but recent cases suggest that hackers can try to launder the stolen coins at decentralized exchanges before cashing out cleaner coins through centralized exchanges, according to Simon Yu, CEO of Storm, a Seattle-based blockchain company.
Decentralized exchanges ensure a higher level of anonymity compared to centralized platforms.
Earlier this year, hackers drained around $500 million worth of XEM tokens from Japanese cryptocurrency exchange Coincheck. NEM Foundation, the issuer of XEM, tagged the stolen tokens as “tainted” in an effort to track their movement. However, despite the tracking effort, most of the stolen funds are thought to have been laundered at exchanges around the world or through dark web channels. This has forced the foundation to call off the hunt.
Isn’t the idea of blockchain that cryptocurrency is always traceable?
Cryptocurrency transactions are traceable as they are recorded in ledgers that are open to the public. However, coins are traded from wallet to wallet anonymously, making it difficult to find out the identity of the people behind the trading.
For instance, if hackers turn to dark web channels or wash stolen funds at decentralized exchanges, it becomes virtually impossible to trace the identity of the perpetrators.
Hackers steal millions of coins and trade them anonymously for new coins very quickly, often using automated services on the dark web that mix tainted coins with clean coins.
Although all of these transactions are being recorded in each coin’s blockchain, the hackers create such extensive trails that they become virtually impossible to follow.
Even if the trail of interactions could be unraveled, the anonymity essentially ensures that the thief has long disappeared before authorities can reach the end of the trail.
“For such reasons, more exchanges are getting aggressive to comply with KYC [know-your-customer],” explained Yu.
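A simplified model of the tracing problem described above, added here as an illustration (it is not from the article, the exchanges or the NEM Foundation). It replays a constructed ledger through a pooled mixing address and applies two taint rules used in blockchain analysis, "haircut" (proportional) and "poison" (any contact); every address name and amount is made up.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample ledger; every address name is hypothetical.
INITIAL = {"exchange_hot": 100, "user_a": 300, "user_b": 600}
LEDGER = [  # (sender, receiver, amount), in block order
    ("exchange_hot", "thief", 100),   # the theft
    ("user_a", "mixer", 300),         # unrelated, clean deposits
    ("user_b", "mixer", 600),
    ("thief", "mixer", 100),          # stolen coins enter the pool
    ("mixer", "out_1", 500),
    ("mixer", "out_2", 500),
    ("out_1", "cashout", 250),
]
THEFT_TX = 0  # index of the transaction reported as stolen


def trace(ledger, initial, theft_tx):
    """Replay the ledger; return (balances, haircut taint, poisoned set)."""
    balance = defaultdict(int, initial)
    taint = defaultdict(Fraction)   # haircut: tainted units held per address
    poisoned = set()                # poison: any contact flags the address
    for i, (src, dst, amount) in enumerate(ledger):
        if amount <= 0 or amount > balance[src]:
            raise ValueError(f"tx {i}: invalid spend by {src}")
        if i == theft_tx:
            taint[src] += amount    # coins become tainted when stolen
            moved = Fraction(amount)
        else:                       # payment carries sender's tainted share
            moved = amount * taint[src] / balance[src]
        if i == theft_tx or src in poisoned:
            poisoned.add(dst)
        balance[src] -= amount
        taint[src] -= moved
        balance[dst] += amount
        taint[dst] += moved
    return dict(balance), dict(taint), poisoned


def summary(ledger=LEDGER, initial=INITIAL, theft_tx=THEFT_TX):
    """Return (addresses holding taint, poisoned addresses, value flagged)."""
    balance, taint, poisoned = trace(ledger, initial, theft_tx)
    holders = {a: t for a, t in taint.items() if t > 0}
    return holders, poisoned, sum(balance[a] for a in poisoned)


if __name__ == "__main__":
    holders, poisoned, flagged = summary()
    print({a: float(t) for a, t in holders.items()}, sorted(poisoned), flagged)
```

On this sample the 100 stolen units end up as a 10 percent share spread across three addresses under the haircut rule, while the poison rule flags addresses holding 1,000 units, most of which belong to unrelated depositors. Either way the ledger records every hop, yet no single address can be singled out as holding "the" stolen coins.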
Have there been any major hacks in the past?
There have been a number of major hacks in the past.
The biggest security breach to date happened in 2004 when about 850,000 bitcoins went missing from Mt. Gox, once the biggest digital coin exchange in the world. The Japanese exchange handled about 70 to 80 percent of all bitcoin transactions in the global market. The total loss was estimated at around $400 million at the time, although today, those coins would be worth more than $5 billion.
The incident forced Mt. Gox to declare bankruptcy and close down its service.
In Korea, Youbit folded in December last year after being hacked for a second time. Youbit is currently operating again after it was sold to CoinBin, another exchange in Korea.
Has stolen cryptocurrency ever been recovered?
There haven’t been any reports of large amounts of stolen cryptocurrency being directly recovered, but losses have been mitigated.
In a public statement released after the recent attack, Coinrail said it was able to “freeze, retrieve and compensate” about 80 percent of the cryptocurrency that was stolen. In this case, the exchange was able to obtain coins or tokens from some of the issuers, equivalent to the quantity that was lost.
For instance, TraDove, the issuer of the BBCoin tokens that were lost during the attack, said in a statement that it has “reached an agreement with Coinrail in which a full recovery of TraDove BBCoin tokens will be credited to these token holders’ accounts.” It is highly likely that, instead of recovering the stolen ones, the companies decided to reimburse the owners with existing “clean” cryptocurrency.
“In most cases, it is not possible, or at least difficult, to recover lost cryptocurrency, because when most companies create tokens, they do not want to have that much power that enables them to track and retrieve tokens at their own discretion,” said Yu of StormX.
Simon explained that exchanges could block certain wallet addresses and freeze their activity if the wallet belongs to a centralized exchange.
It is quite unlikely that hackers would put stolen coins or tokens into centralized exchanges first because they know that their activities could be tracked. Yu added that if exchanges store coins or tokens in cold wallets it would be the most effective way to prevent hacking.