Report: Suspicious Transactions at Korean Exchange Coinrail Months Before Hack

Following the announcement by South Korean crypto exchange Coinrail that it has been hacked, a local publication reported that some banks had identified suspicious transactions at the exchange and stopped providing services to company months before the incident.

Also read: Yahoo! Japan Confirms Entrance Into the Crypto Space

Suspicious Transactions Detected

South Korea’s seventh-largest cryptocurrency exchange, Coinrail, announced that it was hacked on Sunday, June 10, with the thieves targeting several altcoins. The damage is estimated to be around 45 billion won (~US$42 million), according to local media.

The hardest hit was Pundi X’s NPXS, a recently-launched token that accounts for roughly two-thirds of Coinrail’s trading volume. Other coins allegedly stolen include ATX, NPER, and DENT, the exchange wrote on its website.

On Monday, Chosun reported that, back in February, some local banks detected money-laundering activities at Coinrail. The publication quoted a bank official revealing:

Several banks that traded with Coinrail found suspicious money-laundering transactions in Coinrail in February, and some banks took steps to stop their fund deposits in April.

The banks, however, did not offer any specific reasons for the service suspension, the news outlet noted.

In South Korea, banks can legally refuse to service crypto exchanges under the Financial Transaction Reporting and Use Act and Virtual Currency Anti-Money Laundering Guideline if they do not use real-name accounts. The real-name system was implemented by the regulators at the end of January. However, the conversion rate has been low.

Security Breach and Police Investigation

The notice on Coinrail’s website.

The Coinrail incident has attracted a lot of media attention because its alleged hack would be the largest cyber theft in South Korea to date by the equivalent won amount. Two other major hacks in the country concern another exchange, Youbit, which suffered security breaches in April, and again in December. Youbit was operating under the name Yapizon in April, however, changed its name after the first hack.

At the time of this writing, Coinrail’s exchange is offline and there is a system maintenance note on its website. The notice states that currently 70% of the total coins at Coinrail have been safely moved to cold storage. “About 80% of the coins that have been confirmed to be leaked have been frozen/ withdrawn/ redeemed or equivalent…while the remainder is under investigation with investigators, related exchanges, and coin developers,” the exchange wrote, adding:

The exact damage of the leaked coins / tokens is currently being confirmed, which may require some time with the coins.

“Investigators visited the exchange yesterday to ascertain whether it was an accident or a crime,” the Korea Times quoted the National Police Agency Cyber Bureau on Monday. The police, the Korea Internet Development Agency (KISA), and the Ministry of Science, Technology and Information are investigating the case, Ddaily detailed. “KISA has been on the scene since the day of the 10th and is analyzing the cause of the incident jointly with the National Police Agency.”

What do you think of Coinrail’s alleged hack? Let us know in the comments section below.

Editor’s note: Some quotes have been translated from Korean. Images courtesy of Shutterstock and Coinrail.

Need to calculate your bitcoin holdings? Check our tools section.