Japanese cryptocurrency exchange under scrutiny after $530m cybertheft
HACKERS have reportedly stolen US$530 million of digital money from Tokyo-based exchange Coincheck, prompting Japanese authorities to launch a wide-scale investigation into all digital money exchanges in the country for security gaps.
The theft – one of the world’s biggest cyberheists – highlights the vulnerabilities in trading an asset that policymakers are struggling to regulate, as well as the broader risks for Japan as it aims to leverage the fintech industry to stimulate economic growth.
The Financial Services Agency (FSA) on Monday ordered improvements to operations at Coincheck, which on Friday suspended trading in all cryptocurrencies except bitcoin after hackers stole JPY58 billion (US$534 million) of NEM coins, among the most popular digital currencies in the world.
Coincheck said on Sunday it would repay about 90 percent, though it has yet to figure out how or when.
“We realize that this illicit transfer of funds from our platform and the resulting suspension in services has caused immense distress to our customers, other exchanges, and people throughout the cryptocurrency industry, and we would like to offer our deepest and humblest apologies to all of those involved,” Coincheck said in a statement.
“In moving towards reopening our services, we are putting all of our efforts towards discovering the cause of the illicit transfer and overhauling and strengthening our security measures while simultaneously continuing in our efforts to register with the Financial Services Agency as a Virtual Currency Exchange Service Provider.
The NEM coins were stored in a “hot wallet” instead of the more secure “cold wallet”, which operates on platforms not directly connected to the internet, Coincheck said. It also does not use an extra layer of security known as a multi-signature system.
What is NEM?
According to Reuters, NEM (New Economy Movement) is a cryptocurrency launched in March 2015 by a team of five developers identifying themselves as Pat, Makoto, Gimre, BloodyRookie and Jaguar. Typical of most cryptocurrencies, NEM markets itself as a digital coin outside the control of governments and central banks, which can be used for fast, global transactions.
It is now the tenth largest cryptocurrency, with US$9 billion worth of NEMs in circulation, trading at just below US$1 per coin, Reuters reported.
The hack has drawn into focus Japan’s approach to regulating cryptocurrency exchanges. Last year, it became the first country to regulate exchanges at the national level – a move that won praise for boosting innovation and protecting consumers, contrasting sharply with crackdowns in South Korea and China.
The FSA said it ordered Coincheck to submit a report on the hack and measures for preventing a recurrence by Feb 13.
It added it would conduct hearings with other exchanges after their operators had run their own checks. If any problems or weaknesses with security were found during the course of the hearings, the FSA would also conduct onsite inspections.
The regulator also said it had yet to confirm whether Coincheck had sufficient funds for the reimbursement.
But the regulator does not have any rules banning the use of “hot wallets” by exchanges, nor does it set requirements on how much should be kept in “cold wallets,” an FSA official said at a briefing.
In response to FSA’s order for improvements, Coincheck said it would promptly strengthen its customer protection and governance and develop its risk management systems.
Japan started to require cryptocurrency exchange operators to register with the government only in April 2017, allowing pre-existing operators such as Coincheck to continue offering services ahead of formal registration.
The FSA has registered 16 cryptocurrency exchanges so far, and another 16 are still awaiting clearance. Coincheck’s application was made in September.
“It’s been long said that cryptocurrencies are a solid system but cryptocurrency exchanges are not,” said Makoto Sakuma, research fellow at NLI Research Institute.
“This incident showed that the problem has not been solved at all. If Coincheck screws up its crisis management, that could deal a blow to the current cryptocurrency fever.”
NEM fell to US$0.78 from US$1.01 on Friday but recovered to US$0.95 by Monday evening, according to CoinMarketCap. Crypto-currency related shares mostly rose in Tokyo, with GMO Internet, which offers cryptocurrency exchange services, gaining 5.7 percent.
Exchange operators said the hack will likely cause concerns over security to grow among consumers, potentially pressuring the price of cryptocurrencies.
“All cryptocurrencies will now be tainted in their minds, so there may be a mid-term negative impact,” said Genki Oda, president of BitPoint Japan.
At a NEM-themed pub in the Shibuya entertainment district, Tokyoites took stock of the Coincheck hack – some paying for drinks in the cryptocurrency via their mobile phones.
Naoki Yamamoto, a 29-year-old financial services worker, said he had lost thousands of dollars worth of NEM coins.
“When I think about the damage that’s been done to other people, (my loss) isn’t bad at all,” he said. “Until the security of asset flows can be guaranteed, the market can’t be trusted.”
The Singapore-based NEM Foundation, which describes itself as a promoter of the technology underlying the cryptocurrency, said it had a tracing system on the NEM blockchain and that it had “a full account” of all of Coincheck’s lost NEM coins. It added that the hacker had not moved any of the funds to any exchange or personal accounts but that it had no way to return the stolen funds to its owners.
In 2014, Tokyo-based Mt. Gox, which once handled 80 percent of the world’s bitcoin trades, filed for bankruptcy after losing bitcoins worth around half a billion dollars. More recently, South Korean cryptocurrency exchange Youbit last month shut down and filed for bankruptcy after being hacked twice last year.
World leaders meeting in Davos last week issued fresh warnings about the dangers of cryptocurrencies, with US Treasury Secretary Steven Mnuchin relating Washington’s concern about the money being used for illicit activity.
Japan’s top financial diplomat said regulation of cryptocurrencies would likely be on the agenda at the G20 finance chiefs’ meeting in Argentina in March.
South Korea will this week ban cryptocurrency traders from using anonymous bank accounts, to crack down on the criminal use of virtual coins. China, worried about financial risks from such trading, has ordered some exchanges in Beijing to close.
Additional reporting by Reuters
- Cryptojacking explained and solved
- LINE lines up cryptocurrency trading on its app
- Hackers trying to move Coincheck’s $530m stolen digital cash to other accounts
- Bitcoin nosedives as South Korea, China concerns grow
- South Korea’s battle against cryptocurrencies is an uphill task