Breach, Threat Management, Data Security, Security Strategy, Plan, Budget

South Korean cryptocurrency exchange hit, sparking drop in bitcoin prices; Ethereum heist nets $20M

A cyber assault against a South Korean bitcoin exchange firm Coinrail resulted in steep fall in the cryptocurrency as concerns about its security come into question.

Over the weekend, threat actors made off with about 30 percent of the coins traded on the exchange. Although the firm didn't quantify the value of the heist, a South Korean news agency Yonhap estimated the value of the theft at 40 billion won (US$37.2 million) worth of cryptocurrency.

The remaining 70 percent of coins were placed in cold storage, meaning they were taken offline where they won't be traded until the firm has stabilized its trading service. The cryptocurrency has since fallen by around 10 percent of its value as of June 8.

The agency went on to explain that 21 billion won worth of Pundi X and 14.9 billion won worth of Aston were among those pilfered cryptocurrency, were among the stolen funds.

Coinrail said around 80 percent of the stolen cryptocurrency had been frozen, withdrawn, redeemed or equivalent, in consultation with their co-workers and related exchanges, while the remainder are under investigation with investigators, related exchanges, and coin developers

High-Tech Bridge CEO and founder Ilia Kolochenko called the incident another drop in the ocean of crypto-breaches which will unlikely drive any substantially new conclusions or concerns.

“This Bitcoin drop seems to be a temporary fluctuation, investors are now waiting for some good or bad news. The emerging problem of Bitcoin is its extreme influenceability by third-parties,” Kolochenko said. “A well-prepared hacking campaign, targeting top Western media agencies, can virtually ruin Bitcoin after releasing fake news about major breaches and subsequent cryptocurrency ban by major countries”

He went on to say that Bitcoin may ultimately never recover at the end of the day. James Lerud, head of the Behavioral Research Team at Verodin said investors should imagine their crypto wallet as a safe deposit box that exists in a room with everyone else's deposit boxes.

"It is important to remember that if you are investing in a well-known crypto asset such as Bitcoin or Ethereum, you do not need to worry about someone breaking into the safe deposit box,” Lerud said. “You need to worry about safeguarding the key.”

He went on to say the best combination of safety and ease of use are hard wallets that are typically USB devices that are very secure and provide recovery options in case you lose the device.

In a separate heist, hackers stole more than $20 million worth of Ethereum from misconfigured Ethereum-based apps.

Cybercriminals exploited the software applications that had been configured to expose an RPC [Remote Procedure Call] interface on port 8545, according to Bleeping Computer.

The RPC interface grants access to sensitive functions and allow third-party apps the ability to retrieve private keys, move funds, or retrieve the owner's personal details.

Despite the Ethereum Project sending out an official security advisory back in 2015, users have continued to misconfigure their Ethereum clients across the years, with many reportedly losing funds out the blue, in cases that were later attributed to exposed RPC interfaces.

The price of Ethereum has been in decline over the last few months. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.