South Korean cryptocurrency exchange Coinrail said it was the victim of a hack on Sunday, with reported losses of about 40 billion won ($37.2 million) in cryptocurrency.

In a blog post on Monday, Coinrail confirmed it had suspended its services following a “cyber intrusion” in its systems earlier on Sunday morning.

현재 코인사들과 피해를 막기 위해 협의중이며 일부코인들의 네트워크망 전송이 불가할 수 있습니다. 회원님의 피해가 없도록 최대한 빠른조치를 진행하도록 하겠습니다. — coinrail (@Coinrail_Korea) June 10, 2018

Without disclosing the exact amounts stolen, Coinrail revealed some of the stolen ERC-20 tokens, namely NPXS tokens from Pundi X, a payment project; ATC from Aston X, a decentralized document project and; NPER tokens from the namesake decentralized IP project.

The hardest hit was Pundi X, which said the hackers made away with a total of 2,619,542,080 NPXS tokens, approx. $19.5 million at the time of the theft.

Data from a wallet address allegedly associated with the hacker has also pointed to 93 million (approx. $13.8 million) in ATX tokens and 831 million DENT coins, nearly $6 million in value, as well as a number of other tokens from projects including Jibrel Network, Storm, Kyber Network, B2BCoin and over $1 million in TRX tokens from Tron. The total value of the stolen tokens at the time of the theft exceeded $40 million.

Data from Coinmarketcap indicates that Coinrail was the world’s 90th largest crypto trading platform on Sunday.

The hacker has since dipped into some of the 2.6 billion NPXS tokens in an attempt to sell 26 million coins at decentralized ERC-20 exchange IDEX, transaction data reveals. IDEX froze those coins before they were liquidated, Pundi X confirmed, adding it had also instigated its own ‘emergency security protocol’ to halt all NPSX transactions at midday Sunday to investigate the theft of coins that equaled 3 percent of its entire current supply. Other stolen tokens in differing values have also been sent to another decentralized exchange EtherDelta, data from etherscan.io revealed.

Coinrail contends that 70% of its total coin reserves have been moved to an offline cold wallet and remain safe. Two-thirds of remaining 30 percent of token compromised have been frozen or recalled through consultation with developers like Pundi X and communication with exchanges like IDEX, the operator said.

Coinrail added:

“The remaining one-third of coins are being investigated with investigators, relevant exchanges and coin developers.”

In a statement, a representative from the Korea Blockchain Industry Association, a self-regulatory group, revealed the exchange wasn’t a member of the working group.

As reported by Reuters, representative Kim Jin-Hwa stated:

Coinrail is not a member of the group that promotes self regulations to enhance security. It is a minor player in the market and I can see how such small exchanges with lower standards on security level can be exposed to more risks

Featured image from Shutterstock.