Coincheck hack: Bitcoin exchange security under scrutiny after $534m cryptocurrency theft

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Japan’s financial regulator says it will inspect all cryptocurrency exchanges in the country if it needs to, after $534m worth of bitcoin alternative NEM was stolen by hackers.

58bn yen (£380m) was taken from the Coincheck exchange last week. The incident is believed to be the largest case of cryptocurrency theft there has been so far.

Japan’s Financial Services Agency (FSA) has told Coincheck to come up with measures that will prevent such an attack from happening again.

It could also take a closer look at other cryptocurrency exchanges in the country, amid fears that similar attacks could follow.

The theft highlights the vulnerabilities in trading an asset that global policymakers are struggling to regulate and the broader risks for Japan as it aims to leverage the fintech industry to stimulate economic growth.

Coincheck said on Sunday it would return about 90 per cent with internal funds, though it has yet to figure out how or when.

The NEM coins were stored in a “hot wallet” instead of the more secure “cold wallet”, which operates on platforms not directly connected to the internet, Coincheck said. It also does not use an extra layer of security known as a multi-signature system.

The hack has drawn into focus Japan’s approach to regulating cryptocurrency exchanges. Last year, it became the first country to regulate exchanges at the national level – a move that won praise for boosting innovation and protecting consumers, and that contrasts sharply with crackdowns in South Korea and China.

The FSA said it ordered Coincheck to submit a report on the hack and measures for preventing a recurrence by 13 February, and that it will, if necessary, conduct on-site inspections of other cryptocurrency exchanges.

The regulator also said it has yet to confirm whether Coincheck had sufficient funds for the reimbursement.

But the regulator does not have any rules banning the use of “hot wallets” by exchanges, nor does it set requirements on how much should be kept in “cold wallets,” an FSA official said at a briefing.

In response to FSA’s order for improvements, Coincheck said in a statement that it would promptly strengthen its customer protection and governance, and develop its risk management systems.

Japan started to require cryptocurrency exchange operators to register with the government only in April 2017, allowing pre-existing operators such as Coincheck to continue offering services ahead of formal registration.

The FSA has registered 16 cryptocurrency exchanges so far, and another 16 are still awaiting clearance. Coincheck’s application was made in September.

“It’s been long said that cryptocurrencies are a solid system but cryptocurrency exchanges are not,” said Makoto Sakuma, research fellow at NLI Research Institute.

“This incident showed that the problem has not been solved at all. If Coincheck screws up its crisis management, that could deal a blow to the current cryptocurrency fever.”

NEM fell to $0.78 from $1.01 on Friday but recovered to $0.95 late on Monday afternoon, according to CoinMarketCap. Cryptocurrency related shares mostly rose in Tokyo, with GMO Internet, which offers cryptocurrency exchange services, gaining 5.7 per cent.

Exchange operators in Tokyo said the Coincheck hack will likely cause concerns over security to grow among consumers, potentially pressuring the price of cryptocurrencies.

“I have to admit that all cryptocurrencies will now be tainted in their minds, so there may be a mid-term negative impact,” said Genki Oda, president of BitPoint Japan.

Singapore-based NEM Foundation said it had a tracing system on the NEM blockchain and that it had “a full account” of all of Coincheck’s lost NEM coins. It added that the hacker had not moved any of the funds to any exchange or personal accounts but that it had no way to return the stolen funds to its owners.

In 2014, Tokyo-based Mt. Gox, which once handled 80 per cent of the world’s bitcoin trades, filed for bankruptcy after losing around half a billion dollars worth of bitcoins. More recently, South Korean cryptocurrency exchange Youbit last month shut down and filed for bankruptcy after being hacked twice last year.

World leaders meeting in Davos last week issued fresh warnings about the dangers of cryptocurrencies, with U.S. Treasury Secretary Steven Mnuchin relating Washington’s concern about the money being used for illicit activity.

Japan’s top financial diplomat said regulation of cryptocurrencies would likely be on the agenda at the G20 finance chiefs’ meeting in Argentina in March.

South Korea will this week ban cryptocurrency traders from using anonymous bank accounts to crack down on the criminal use of virtual coins. China, worried about financial risks from such trading, has ordered some exchanges in Beijing to close.

Additional reporting by Reuters

We’ve teamed up with cryptocurrency trading platform eToro. Click here to get the latest Bitcoin rates and start trading. Cryptocurrencies are a highly volatile unregulated investment product. No EU investor protection. 75% of retail investor accounts lose money when trading CFDs.