Coinrail Exchange Hacked, Loses Possibly $40 Million in Cryptos

South Korea-based Coinrail has not disclosed the exact amount lost in the breach, but data suggests the damage could be $40 million.

AccessTimeIconJun 11, 2018 at 6:32 a.m. UTC
Updated Sep 13, 2021 at 8:02 a.m. UTC

Coinrail, a cryptocurrency exchange based in South Korea, said on Sunday its platform has been hacked, with other sources suggesting it lost cryptocurrencies totaling as much as $40 million in the attack.

According to its website, the exchange has already suspended services after it suffered what it calls a "cyber intrusion," which resulted in a range of ERC-20 based tokens stolen from the platform.

However, Coinrail only provided the names of some of the tokens that were taken in the alleged breach without disclosing the exact amounts at stake. These included the NPXS token from the Pundi X project, ATC from Aston and the NPER project's NPER token.

However, a blog post published by Pundi X on Sunday suggested that the hacker may have stolen 1,927 ether, 2.6 billion NPXS, 93 million ATX and 831 million DENT coins, as well as significant amounts of six other tokens.

These assets in total were worth around $40 million at the time of the hack and have since dropped to around $30 million at press time, according to data from CoinMarketCap.

Pundi X's article suggested that following the hack, Coinrail alerted the project on Sunday to an ethereum address which is believed by Coinrail to be associated with the hacker. That address is now flagged as "Fake_Phishing1432."

Data from shows the address tried to sell some 26 million NPXS tokens at IDEX, a decentralized ethereum asset exchange, right after it received 2.6 billion NPXS from another address that is also now labeled as a suspicious account – "Fake_Phishing1431."

Coinrail and Pundi X claimed that IDEX froze the assets sent from the Fake_Phishing1432 address upon investigation and the NPXS tokens were not liquidated.

In addition, transactions associated with Fake_Phishing1431 show it received a range of cryptocurrencies from a single address several hours before Coinrail reported the hack, which, besides ETH, NPSX, ATX, DENT, also included tokens from other projects such as Kyber Network, Storm, Jibrel Network and Tron.

Data from further indicates that, following the hack, while the NPXS was sent to IDEX, other stolen tokens appear to have been sent for trading to EtherDelta, another decentralized cryptocurrency exchange.

However, it remains unclear at this stage whether the assets had been liquidated or not. Coinrail could not be reached for an update, and EtherDelta has not yet responded to a CoinDesk request for comment.

Coinrail said on its website that 70 percent of its reserves are safe as they have been moved to a cold wallet which is not accessible through the internet.

For the 30 percent that were compromised, the firm said two-thirds of them are currently frozen. Meanwhile, it's still investigating the final third of those tokens with "police, investigators, relevant exchanges and project developers."

Data from CoinMarketCap showed the platform was ranked around 90th largest around the time of the hack, with 24-hour trading volume amounting to some $2 million on the site. Its data is currently not available on CoinMarketCap due to the system suspension.

Hack image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.