Coincheck Hack Puts Focus on Cryptocurrency Security and Regulations

2 min read

On January 26, Coincheck, a Tokyo-based cryptocurrency exchange, discovered an anomaly on its systems at 11:25 AM. Between about noon and 1 PM, the exchange stopped deposits, trading, and then withdrawals of the virtual currency NEM. At 4:33 PM, withdrawals of all currencies, including Japanese yen, were stopped. At 5:23 PM, trading in all currencies except Bitcoin was stopped. Investigations estimated that the incident, which began 11 hours before it was detected, resulted in the loss of about ¥58 billion ($532 million) of Coincheck’s NEM virtual currency holdings. If true, the hacking will surpass the ¥48 billion ($480 million at the time) lost by bitcoin exchange Mt. Gox in February 2014. In a blog post on January 28, Coincheck described its compensation plan for its nearly 260,000 customers who hold NEM. While the timing and procedures of the compensation were still under review, the company said it planned to use its own money to pay back users in Japanese yen.

LACK OF SECURITY EXPERTS

Despite being warned before the incident to address security concerns about customer asset management by Japan’s Financial Securities Agency (FSA), Coincheck failed to take basic security measures. Firstly, Coincheck was using Internet-connected “hot” wallets for storage. As with many exchanges, Coincheck states on its website that virtual currency is stored offline in “cold” wallets when not being traded, but the company’s CEO admitted in a press conference that the over 5 million NEM coins were not. Coincheck also did not use the multi-signature system recommended by the Singapore-based NEM Foundation that requires more than one cryptographic key to execute a transaction. This system is similar to multifactor authentication systems used to protect online accounts and makes it more difficult for hackers to access funds. Coincheck’s CEO stated these security measures hadn’t been implemented due to the technical difficulty and the lack of knowledgeable staff.

SPEED BUMP OR ROADBLOCK?

Japan is a major player in virtual currency. In April 2017, the Japanese government revised the Payment Services Act to recognize bitcoin as legal tender. In addition, the FSA has registered 16 cryptocurrency exchanges as of mid-January, and about 16 more are waiting for clearance, including Coincheck, which applied in September. With these governmental approvals, it is not surprising that a large percentage of the world’s bitcoin trade volume is conducted in yen. These regulations, which were put into place after Tokyo-based Mt. Gox, the first major bitcoin exchange, lost nearly ¥50 billion worth of virtual currency in 2014, were intended to prevent problems like the Coinbase hack. Since the hack, the FSA has taken additional steps. It ordered all registered and applying Japanese exchanges, excluding Coincheck, to submit internal inspections based on a checklist of 43 items, including details of customer asset management systems and cyberattack countermeasures. The FSA will analyze the reports and then decide whether on-site inspections are necessary. David Moskowitz, who runs a social network for blockchain enthusiasts, told the Japan Times that the Coincheck hack will likely have two immediate effects: more regulation of exchanges and greater recognition of the advantages offered by non-centralized, peer-to-peer trading.
Join our growing number of users! Find your your global career today.

Also published on Medium.

×

Sign up with us to learn more today!

Sign up with us to learn more today!

Subscribe Now