In mid-June, the Wall Street Journal reported that cyber thieves hacked into Coinrail, a South Korean cryptocurrency exchange, and made off with over $40 million in digital currencies. Since crypto assets are entirely unregulated, it’s not clear what recourse, if any, these crypto asset holders now have. In a worst-case scenario, they might be facing a total loss of $40 million. As might be expected, the scale and scope of this cyber heist has increased the call for new cryptocurrency regulations.
What just happened with Coinrail?
To understand why cryptocurrency regulations are so important, you first have to understand why the Coinrail heist is different from a traditional bank heist. If this had been a conventional bank robbery – if thieves had busted their way into a bank vault and made off with $40 million in cash, then the asset holders would have had some form of recourse. In the United States, for example, they would have protection from the Federal Deposit Insurance Corporation (FDIC), which guarantees the holdings of bank deposit holders.
However, in the world of crypto, there is no FDIC and there is no regulatory authority. In fact, in the world of crypto, it’s a game of “finder’s keepers.” There is no physical asset such as cash when it comes to cryptocurrencies; instead, all assets are just digital 1’s and 0’s that can be manipulated to change ownership. Without cryptocurrency regulations, the world of virtual currencies is a Wild West environment with surprisingly few defenses or safeguards against cyber intrusion.
Thus, if cyber thieves are able to penetrate the digital defenses of the server of a major currency exchange, it is equivalent to being given the master key to a bank vault: hackers can enter as they please and grab as many crypto alt-coins as they want. As you might imagine, it’s a lot easier to bust your way into an online server than it is to bust your way into a brick-and-mortar bank in the middle of the day.
In this case, the cyber thieves in South Korea made off with approximately $40 million in alt-coins. Thankfully, Coinrail is only ranked in the Top 100 exchanges in the world, according to trading volume, so the amount of damage was somewhat contained. Moreover, these alt-coins are ones that you’ve probably never heard of – there was no Bitcoin stolen, no Ethereum stolen, and no Ripple stolen. Instead, the cyber thieves made off with nearly $20 million worth of NPXS tokens, $14 million worth of Aston X tokens, and approximately $6 million worth of other obscure crypto tokens (e.g. Dent, Tron).
In response, Coinrail took as many actions as it could to prevent further disaster. For example, Coinrail called in the South Korean police, who are now examining the exchange’s servers. Coinrail also took the extraordinary step of freezing all tokens that were stolen so that they cannot be further traded. And the South Korean crypto exchange has also taken all other assets offline, putting these crypto assets into a so-called “cold wallet” (a physical storage device not connected to the Internet, so that hackers can’t reach them). Right now, Coinrail says it has secured 70% of the tokens held on the exchange, meaning that 30% of the crypto assets might be lost forever.
Crypotocurrency regulations might prevent future crypto hacks
Not surprisingly, supporters of cryptocurrency regulations say there is a huge problem when cyber thieves can make off with $40 million worth of assets overnight and feel relatively secure that nobody will be able to track them down. (Crypto assets, by their very nature, mean that the identity of each asset holder is protected cryptographically). It’s like robbing a bank in full daylight and knowing there are no alarm systems and no security cameras to get in the way.
And Coinrail is hardly the only hack of a major exchange. Earlier this year, Japan’s Coincheck exchange lost 10 times the amount as Coinrail – a staggering $400 million worth of crypto assets. And in late 2017, Tether lost $31 million in crypto assets after a similar attack. But the real “mother of all crimes” was the massive hack of Mt. Gox in 2014, which resulted in $350 million worth of Bitcoin being stolen out of thin air. (Given today’s exchange rates, that amount of Bitcoin would be worth more than $5 billion)