LACK OF SECURITY EXPERTSDespite being warned before the incident to address security concerns about customer asset management by Japan’s Financial Securities Agency (FSA), Coincheck failed to take basic security measures. Firstly, Coincheck was using Internet-connected “hot” wallets for storage. As with many exchanges, Coincheck states on its website that virtual currency is stored offline in “cold” wallets when not being traded, but the company’s CEO admitted in a press conference that the over 5 million NEM coins were not. Coincheck also did not use the multi-signature system recommended by the Singapore-based NEM Foundation that requires more than one cryptographic key to execute a transaction. This system is similar to multifactor authentication systems used to protect online accounts and makes it more difficult for hackers to access funds. Coincheck’s CEO stated these security measures hadn’t been implemented due to the technical difficulty and the lack of knowledgeable staff.
SPEED BUMP OR ROADBLOCK?Japan is a major player in virtual currency. In April 2017, the Japanese government revised the Payment Services Act to recognize bitcoin as legal tender. In addition, the FSA has registered 16 cryptocurrency exchanges as of mid-January, and about 16 more are waiting for clearance, including Coincheck, which applied in September. With these governmental approvals, it is not surprising that a large percentage of the world’s bitcoin trade volume is conducted in yen. These regulations, which were put into place after Tokyo-based Mt. Gox, the first major bitcoin exchange, lost nearly ¥50 billion worth of virtual currency in 2014, were intended to prevent problems like the Coinbase hack. Since the hack, the FSA has taken additional steps. It ordered all registered and applying Japanese exchanges, excluding Coincheck, to submit internal inspections based on a checklist of 43 items, including details of customer asset management systems and cyberattack countermeasures. The FSA will analyze the reports and then decide whether on-site inspections are necessary. David Moskowitz, who runs a social network for blockchain enthusiasts, told the Japan Times that the Coincheck hack will likely have two immediate effects: more regulation of exchanges and greater recognition of the advantages offered by non-centralized, peer-to-peer trading.
Join our growing number of users! Find your your global career today.
If you want to subscribe to our monthly newsletter, please submit the form below.
Also published on Medium.