Coincheck has been ordered by Japan’s financial regulator to get its act together after hackers stole $530 million worth of
digital money from its exchange.
Japan’s financial regulator has ordered Coincheck to get its act together after hackers stole $530 million worth of digital money
from its exchange, jolting the nation’s cryptocurrency market in one of the biggest cyber heists.
The theft highlights the vulnerabilities in trading an asset that global policymakers are struggling to regulate and the broader
risks for Japan as it aims to leverage the fintech industry to stimulate economic growth.
The Financial Services Agency (FSA) said on Monday it has ordered improvements to operations at Tokyo-based Coincheck, which on
Friday suspended trading in all cryptocurrencies except bitcoin after hackers stole 58 billion yen of NEM coins.
Coincheck said on Sunday it would return about 90 percent with internal funds, though it has yet to figure out how or when.
Japan started to require cryptocurrency exchange operators to register with the government in April 2017, allowing pre-existing
operators such as Coincheck to continue offering services ahead of formal registration.
The FSA has registered 16 cryptocurrency exchanges so far, and another 16 or so are still awaiting approval while continuing to
Coincheck has said its NEM coins were stored in a “hot wallet” instead of the more secure “cold wallet”, outside the internet.
NEM fell to $0.78 from $1.01 on Friday, before recovering to around $0.97 on Monday, according to CoinMarketCap.
Singapore-based NEM Foundation said it had a tracing system on the NEM blockchain and that it had “a full account” of all of
Coincheck’s lost NEM coins.
It added that the hacker had not moved any of the funds to any exchange or personal accounts but that it had no way to
independently return the stolen funds to its owners.
World leaders meeting in Davos last week issued fresh warnings about the dangers of cryptocurrencies, with US Treasury Secretary
Steven Mnuchin relating Washington’s concern about the money being used for illicit activity.
Within the world of cryptocurrencies, theft is as regular as investors declaring “this time it is different” and “this is good for
Last week, a report from Ernst & Young said over 10 percent of all funds exchanged during initial coin offerings were finding
their way into the hands of criminals. This works out to roughly $400 million in cryptocurrency from $3.7 billion in funding
between 2015 and 2017.
In December, bitcoin mining platform and exchange NiceHash was hit, with 4,736.42 in bitcoin disappearing in the attack. At the
time, the bitcoin was worth around $68 million, but the price of the cryptocurrency has dropped since.
Security firm SecureWorks said in December it had uncovered a spearphishing campaign targeting employees at cryptocurrency firms
in a bid to steal bitcoin. The attacks are thought to be the work of The Lazarus Group, a hacking operation believed to be
associated with North Korea.
“Our inference based on previous activity is that this is the goal of the attack, particularly in light of recent reporting from
other sources that North Korea has an increased focus on bitcoin and obtaining bitcoin,” Rafe Pilling, senior security researcher
at SecureWorks, told ZDNet at the time.
Due to the pseudonymous nature of bitcoin, criminals have been looking at other more anonymous digital currencies such as Monero
ad units that spike CPU usage. One of the most popular scripts is from Coinhive, which in October asked that site owners make
users aware of what is going on.
“We’re a bit saddened to see that some of our customers integrate Coinhive into their pages without disclosing to their users
what’s going on, let alone asking for their permission,” the company said. “We believe there’s so much more potential for our
solution, but we have to be respectful to our end users.”