Coinrail cyber heist highlights need for exchange security

The theft of millions of dollars’ worth of cryptocurrency from the South Korean Coinrail exchange at the weekend has resulted in a nearly 11% fall in the value of bitcoin, which is 65% down from its peak in December 2017, and prompted fresh calls for regulation of the industry.

In a statement on its website, Coinrail apologised for the incident and said 70% of its coins were safe, implying losses of 30%, which South Korean news reports have estimated is worth around $37m, according to Reuters.

“All assets of Coinrail, which have not been leaked, are moved to a cold wallet and are kept safe, and transactions and withdrawals will resume after stabilising the service. We will update the announcement when possible,” the statement said.

The Coinrail heist has further raised concerns about the lack of regulation in the industry and is the latest in a series of heists at cryptocurrency exchanges, which cyber security analysts say is a logical target for cyber criminals whose primary aim is to amass wealth in the easiest ways possible.

The Coinrail attack comes just months after Japan’s Coincheck cryptocurrency exchange lost $400m worth of digital currency and South Korea’s Youbit exchange was forced to file for bankruptcy and close after two cyber attacks, while in 2014 MTGox filed for bankruptcy after losing bitcoins worth around $500m.

The Bank of England and global policy-makers are calling for greater regulation of cryptocurrencies to protect the financial system and reduce illicit activities.

In March 2018, Bank of England governor Mark Carney said the time had come for regulation to hold the crypto-asset ecosystem to the same standards as the rest of the financial system.

“A better path would be to regulate elements of the crypto-asset ecosystem to combat illicit activities, promote market integrity, and protect the safety and soundness of the financial system,” he said.

The Parliamentary Treasury Committee has also announced that it is looking at the opportunities and risks associated with digital currency.

The inquiry will assess how the government and financial services regulators such as the Financial Conduct Authority (FCA) and the Bank of England can create an environment to protect consumers, without holding back innovation.

Industry commentators have pointed out that Coinrail is not among the major South Korean cryptocurrency exchanges that practise self-regulation and have adopted measures to enhance security, while only four of the largest exchanges have more than one million daily visitors and are required to have information security management system (ISMS) certification to certify the protection of personal data.

According to Coinmarketcap.com, Coinrail was the 98th largest cryptocurrency exchange based on volume, trading more than 50 different virtual currencies.

Coinrail said in its statement that the exchange was cooperating fully with official investigations into the cyber attack and that trading had been suspended until further notice while the investigation continued and it reviewed its security.