Japan’s Coincheck suffers record $530m virtual currency theft
Cryptocurrency exchange Coincheck has confirmed that some 58 billion yen ($534 million) in customers’ virtual currency holdings were taken from its wallets Friday, in what appears to be the biggest virtual currency heist to date.
At around 3 a.m. Friday, essentially all NEM — a type of virtual currency — held by the Tokyo-based exchange was illicitly transferred out of its digital coffers. Coincheck discovered the breach after 11 a.m., and soon halted withdrawals in all currencies. Trading is on hold for all virtual currencies except bitcoin.
The exchange is currently determining how many customers were affected, and has said it is considering possible responses, including compensation for those whose NEM was taken.
Coincheck managed its NEM accounts on systems vulnerable to hacking via external networks. Such an attack may have been behind Friday’s theft.
Coincheck “deeply regrets” the incident, CEO Koichiro Wada told reporters Friday night. The company “is currently determining what impact the breach will have on our finances,” said Yusuke Otsuka, chief operating officer. The theft has been reported to Japan’s Financial Services Agency as well as to police, and the exchange is urging its peers to halt trading in NEM.
Lon Wong, president of the Nem.io Foundation created to promote the technology underlying NEM, wrote on twitter that “It’s unfortunate that Coincheck got hacked,” but said the foundation is “doing everything we can to help.”
Coincheck is one of Japan’s top virtual currency exchanges, alongside Tokyo-based bitFlyer. It has attracted users by offering a wide variety of cryptocurrencies. While Coincheck does not say how many accounts it hosts, an industry insider says the exchange holds “hundreds of billions of yen in customer assets.” Customers took to social media Friday night, airing concerns about the fate of their cash and cryptocurrency holdings.
Since April 2017, Japan has required cryptocurrency exchanges to register with the FSA and manage customer accounts separately from the exchange operator’s own funds. More than one-third of the roughly 40 exchanges in Japan before those requirements took effect have folded rather than make the necessary investments to upgrade their systems. Coincheck has applied for registration, though its application remains under review.
These rules are largely a response to the 2014 collapse of Japanese bitcoin exchange Mt. Gox — then the largest in the world — after hackers stole roughly 47 billion yen in bitcoin holdings. But it is questionable whether other exchanges have taken the lessons of that incident to heart.
“Taking security measures yields no clear benefit in terms of attracting customers,” and so many exchanges “have been lax” on that front, according to Takenori Kiuchi, a cybersecurity expert at NRI Secure Technologies. Despite fairly small outlays on systems development, exchanges have been spending heavily on ads to attract new customers. Coincheck, for example, began in late December broadcasting television commercials featuring a popular comedian.
The risks of leaving exchange systems connected to the internet, as may have been the case at Coincheck, is well-documented. North Korea is thought to have launched a number of cryptocurrency raids, including a recent attempted attack on 10 South Korean exchanges. Personnel linked to those exchanges received an email containing malware that could have stolen passcodes to exchange accounts.
These threats have even forced some South Korean exchanges to shut down. An attack in December on Seoul-based Youbit robbed the exchange of nearly 20% of its asset reserves, forcing parent Yapian to file for bankruptcy.
A recent upswing in virtual currency trading has made addressing security risks all the more pressing. At its peak in December, bitcoin was worth 20 times what it was at the beginning of 2017. Even novice investors plunged funds into all manner of cryptocurrencies, fearful of missing out on the next big opportunity.
Around 40% of bitcoin trading is conducted in yen, the highest share attributable to any currency in the world. Around 1 million Japanese residents were said to have virtual currency accounts in the latter half of 2017; that figure recently seems to have surpassed 1.5 million.
Enjoy our free content ? Try our Legend services.
- Star Level
- Access to Grendz and the right to READ and SHARE our science techie green pins
- The right to WRITE and SHARE your OWN science techie green pins
- WEEKLY mind-blowing e-report with trends and news, never miss what is grendzing.
- Customization Capability on which trends categories you want us to follow closer.
- P2P Advice From our team and members
- Our iOS or Android app for free
- First to know about new trends and news
- Weekly social media promotions (through Grendz social media presence) of your own pins (tech, science, green related) that may include: Your own service, products, PR or/and business related
- Technology Procurement Grendz Researchers can search for specific technologies or innovations that matches your company business and give you contacts and information that will help you to aquire or implement those technologies (Limit to 3 procurement requests per month)
- Team Members Company access to up to 3 members included in the company legend package.
- No ads and no sales pitch
- 24h Support (via e-mail)
- Cancel anytime your renewal