SEOUL (Reuters) – South Korean cryptocurrency exchange Coinrail said it was hacked over the weekend, sparking a steep fall in bitcoin amid renewed concerns about security at virtual currency exchanges as global policy makers struggled to regulate trading in the digital asset.
In a statement on its website on Monday, Coinrail said its system was hit by “cyber intrusion” on Sunday, causing a loss for about 30 percent of the coins traded on the exchange. It did not quantify its value, but in an unsourced report local news outlet Yonhap news estimated that about 40 billion won ($37.28 million) worth of virtual coins were stolen.
The heist at Coinrail, a relatively small South Korean cryptocurrency exchange, sent the price of bitcoin tumbling to two-month lows as it once again highlighted the security risks and the weak regulation of global cryptocurrency markets.
South Korea is one of the world’s major cryptocurrency trading centers, and is home to one of the most heavily trafficked virtual coin exchanges, Bithumb.
On the Luxembourg-based Bitstamp, bitcoin BTC=BTSP was last trading at $6,790.88, down a sharp 10.8 percent from Friday, having fallen roughly 65 percent from its all-time peak hit around mid-December 2017.
Investors and regulators were jolted earlier this year after Japan’s cryptocurrency exchange Coincheck was hacked in a high-profile theft of over half a billion dollars worth of digital currency.
In 2014, Tokyo-based Mt. Gox, which once handled 80 percent of the world’s bitcoin trades, filed for bankruptcy after losing bitcoins worth around half a billion dollars. More recently, in December last year, South Korean cryptocurrency exchange Youbit shut down and filed for bankruptcy after being hacked twice.
Global policy makers have warned investors to be cautious in trading the digital currency given the lack of broad regulatory oversight.
“Coinrail is not a member of the group that promotes self regulations to enhance security. It is a minor player in the market and I can see how such small exchanges with lower standards on security level can be exposed to more risks,” Kim Jin-Hwa, a representative at Korea Blockchain Industry Association.
In South Korea, 14 major local cryptocurrency exchanges adopted measures aimed at better protecting users in January this year, including restrictions on creating more than one account.
Coinrail said the balance 70 percent of virtual coins are now secure in its “cold wallet”, which operates on platforms not directly connected to the internet. It wasn’t immediately clear whether the lost coins were stored in the more insecure ‘hot wallet.’
Korea Internet & Security Agency, currently carrying out the investigation with police, said only four of the country’s largest exchanges are subject to the Information Security Management System certification (ISMS) requirement.
The ISMS is a system that certifies protection of personal information at companies with average daily visitor of over 1 million.
“Coinrail, as of June this year, hasn’t been certified with the ISMS, as it isn’t mandatory (for the organization to do so),” the local regulator said in a statement.
Coinrail confirmed in its statement that the exchange is fully cooperating with a police investigation into the hacking, and that trading has been suspended for now. The company wasn’t immediately available for further comments.
Coinrail was the 98th largest cryptocurrency exchange that trades more than 50 different virtual coins, according to Coinmarketcap.com
Reporting by Cynthia Kim; Additional reporting by Choonsik Yoo; Editing by Shri Navaratnam