South Korea-based cryptocurrency exchange Coinrail announced on Sunday a cyber-incident during which an intruder made off with a large amount of ICO tokens stored on the company's servers.
The exchange announced the hack via a message on its website where it admitted a hacker stole tokens issued during the initial coin offerings (ICOs) of Pundi X (NPXS), NPER (NPER), and Aston (ATX), which were being traded at the time on its servers.
As soon as it detected the intrusion, Coinrail put its portal in maintenance mode. The exchange said it secured and moved most of its cryptocurrency assets in cold storage (offline) wallets.
Coinrail is now investigating the source of the hack. On Twitter, the exchange said it's working with the affected ICO companies to freeze the stolen tokens.
It also contacted other cryptocurrency exchanges and froze some of the attacker's addresses where he/she/they were storing some of the stolen funds.
The exchange didn't reveal a tally of the stolen funds, but users on a prominent Bitcoin forum tracked down some of the hacker's alleged addresses and believe he/she/they might have stolen funds worth between $30 and $40 million —with almost half of it being in NPXS tokens.
They also believe the hacker stole ICO tokens from other projects such as Dent (DENT) and Tron (TRN).
While hacked exchanges often went under in the early days of Bitcoin, nowadays, with pressure from authorities, most offer compensation plans for affected users. Coinrail did not publish any information about compensation plans.
Coinrail is a small cryptocurrency exchange and was ranked #99 on the CoinMarketCap website at the time of this article. While the exchange also dealt with Bitcoin, Ethereum, Ripple, and other more popular cryptocurrencies, it was popular because it also dealt in smaller coins and ICO tokens. Almost two-fifths of Coinrail's daily trade volume was in NPXS tokens, hence the reason hackers got their hands on so many NPXS tokens.