KISA Investigates a Cyber Attack on Coinrail

Jun 12, 2018

Prices of major cryptocurrencies including Bitcoin have collapsed one after the other as Coinrail, which is the 7th biggest cryptocurrency exchange in South Korea, was recently became a target of a cyber attack followed by cyber attacks on Bithumb and Youbit that happened last year.
Some are claiming that South Korean Government must carry out emergency investigations on every exchange in South Korea just like Japanese Government did on exchanges in Japan.
Fact that basis of measures for compensating consumers after cyber attacks are also unclear is also causing collapse of prices of cryptocurrencies.
According to industries, prices of cryptocurrencies collapsed by about 10% globally after Coinrail has become a victim of a cyber attack recently.
About 3.6 billion coins from 9 different cryptocurrencies such as Pundi X, NPER, ASTON, TRON, and STORM were taken out over a span of 40 minutes from cryptocurrency wallets owned by Coinrail. Market prices of most of cryptocurrencies that were hacked are about couple pennies per unit and it is estimated that $37.2 million (40 billion KRW) worth of coins were hacked in total. Situations where hackers are selling coins that they extorted to markets are taking places one after the other.
However, because clear basis of compensation for damages and investigations on causes of cyber attacks are not taking places even after continuous cyber attacks on cryptocurrency exchanges, consumers continue to become more confused with current situation.
Security industry predicts that there is a high chance that Bithumb Youbit, and Coinrail were all victims of ‘spear phishing’.
Spear phishing is a method where hackers target a specific person just like how fishermen catch fishes with spears. Hackers send emails with malware to employees and members of cryptocurrency exchanges. They usually abuse weak spots of HWP documents and DOCX documents. They carry out cyber attacks by disguising their emails as official documents or resumes and they know when their attacks are successful when just single employee of a cryptocurrency exchange opens a corresponding email. Through an infected account, they carry out second attacks on other employees and teams and infiltrate an internal system of an exchange. By doing so, they can extort personal keys or assets by falsifying internal database.

KISA Investigates a Cyber Attack on Coinrail

It is heard that a method used by a cyber attack on Coinrail was similar to spear phishing method. Actually, infected mails were sent to members and employees and executives of Coinrail early this month by a group assumed to be a group of hackers from North Korea.
“Although a possibility of a direct attempt of a cyber attack on Coinrail is unknown at the moment, there are traces of attacks that targeted members of other cryptocurrency exchanges recently.” said a high-ranking official of security company. “Although actual cause is yet to be unknown, it is difficult to eliminate a possibility of spear phishing as it attempts to attack many cryptocurrency exchanges at the same time and focuses on the ones that become infested.”
It is confirmed that Coinrail reported such incidence to KISA (Korea Internet & Security Agency) after it occurred on the 10th. KISA sent out an investigation group and is investigating the situation. KISA is planning to announce results after discussing with relevant departments in the future. It is estimated that it will take up to 3 months before KISA announces its results.
On the other hand, a problem regarding compensation for consumers due to cyber attacks is also expected to become an issue.
About 20 days before the hacking incident happened, Coinrail changed its terms regarding compensation for damage for consumers. From its article 20 (compensation for damage and special agreement), Coinrail deleted clause 4 that stated that Coinrail will compensate any damage for its members regardless of its members’ intentions by paying back digital currencies or KRW points that were last seen from members’ electronic wallets whenever its members claim compensation for damage from Coinrail. After end of May, it changed its clause by saying that Coinrail would not be responsible for any damage that is not caused by Coinrail’s mistake and that it will not stipulate or guarantee any detailed matter that is not stated in its term. Some are claiming that Coinrail is making a self-fabricated scenario after tracing paths of coins from Coinrail’s wallets and hackers’ wallets.
Regarding changes to its terms, Coinrail announced that it is true that it changed its terms and that nothing has been determined regarding range of its responsibilities or compensations regarding this situation.
Problems regarding unfair terms of cryptocurrency exchanges have been brought up consistently. Fair Trade Commission found unfair terms of 12 cryptocurrency exchanges in April and advised them to correct their terms. ‘Linus’, which was the operator of Coinrail at that time, also received an advice from Fair Trade Commission regarding its limited clauses on withdrawal and deposit and normal exemption clauses.
Staff Reporter Gil, Jaeshik | osolgil@etnews.com & Staff Reporter Park, Jungeun | jepark@etnews.com & Staff Reporter Jung, Youngil | jung01@etnews.com

Interpretation & Translation_Service Center

Refund Help Center