Coincheck exchange hack shakes cryptocurrency world

29 Jan 2018

Shibuya, Tokyo. Image: Sean Pavone/Shutterstock

Coincheck will refund customers who lost their NEM coins in the recent hack.

Japan’s financial regulator said it will be inspecting all cryptocurrency exchanges following the theft of almost $500m in digital currency from the Coincheck exchange’s wallet on Friday, 26 January.

Tokyo-based Coincheck suspended trading after about 58bn yen worth of NEM cryptocurrency was taken from customer wallets.

Tokyo exchange must offer explanation

According to Bloomberg, Coincheck disclosed the incident at a Friday press conference and today (29 January), spokesperson for the Japanese government Yoshihide Suga said Japan’s Financial Services Agency (FSA) would be imposing a “business improvement order” on the exchange.

Coincheck needs to submit a detailed report by 13 February, outlining the root causes of the incident as well as its response to customers and plans for improved risk management processes.

The FSA also said it will conduct on-site inspections of other bitcoin exchanges in Japan if necessary, according to Reuters. At present, there are some 16 cryptocurrency exchanges in the country so far, with another 16 awaiting clearance.

Fortune reported the NEM stake fell to about $430m after spooked investors sold off holdings due to rumours of the hack circulating on Friday, before it was officially announced.

According to CoinMarketCap, NEM dropped to $0.78 from $1.01 on Friday but recovered today, hitting the $0.97 mark. Other cryptocurrencies also took a hit, with bitcoin initially dipping 7pc against the dollar on the day of the hack.

Authorities in charge of NEM said they have a full account of all of Coincheck’s lost NEM tokens and noted that the hacker has not moved funds to other exchanges or personal accounts as of Monday.

Security issues at Coincheck

Coincheck kept customer assets in a ‘hot wallet’, which is linked to external networks. The general process for exchanges is to hold customer deposits in ‘cold wallets’, which are not connected to outside networks and therefore less vulnerable to bad actors.

The exchange also neglected to use multi-signature, a safeguard requiring multiple sign-offs before funds are moved.

Vice-president of the NEM Foundation Jeff McDonald said in a YouTube video that using multi-signature would have probably saved Coincheck a lot of trouble.

Coincheck CEO Koichiro Wada told press that the company had neither the staff nor the technological expertise to implement the security measures.

Refunds will be processed

The company says it will return about 90pc of the stolen currency in cash to the 260,000 customers who lost their holdings of NEM in the incident.

This is not the first massive cryptocurrency heist to hit Japan. In 2014, the Mt Gox exchange filed for bankruptcy after losing approximately half a billion US dollars worth of bitcoin.

This incident is likely to push the regulation conversation further, with many people calling for stricter security at digital currency exchanges.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com