Breach Notification , Fraud Management & Cybercrime , Incident & Breach Response

Japanese Cryptocurrency Exchange Suffers $530 Million Theft

Coincheck Says It Was Hacked; Stolen XEM Altcoin Transactions to be Blocked
Japanese Cryptocurrency Exchange Suffers $530 Million Theft
Coincheck CEO Koichiro Wada has apologized for the breach. (Photo: Coincheck)

Coincheck, a Tokyo-based cryptocurrency exchange, says it's about $530 million poorer after a hacker stole customers' cryptocurrency from its coffers. The company says a hacker appeared to have gained unauthorized access to its hot wallet after obtaining the private key used to protect it (see Cybercriminals Go Cryptocurrency Crazy: 9 Factors).

See Also: Improving Security Compliance in The Financial Industry With Data Privacy Regulations

Cryptocurrency typically gets stored in wallets, with hot wallets referring to internet-connected repositories that enable exchanges and service providers to facilitate instant payments. Such wallets have been the focus of many online attackers' efforts in recent months as the value of bitcoin in particular has skyrocketed (see Report: Investigators Eye North Koreans for Exchange Hack).

The first sign of trouble at Coincheck appeared Friday, when the exchange warned customers that it was halting sales, purchases and withdrawals of cryptocurrency called XEM. Later in the day, the exchange also suspended withdrawals of Japanese yen, all credit card payments as well as purchases and sales of cryptocurrencies other than bitcoin.

On Saturday, the exchange said that 523 million XEM - at the time, worth about ¥58 billion or $530 million - had been stolen from 260,000 of its customers. The firm says it immediately reported the theft to police as well as the Financial Services Agency, the Japanese government's financial regulator responsible for overseeing the country's banking, insurance and securities and exchange sectors.

"We are deeply sorry for troubling people with this issue," Coincheck CEO Koichiro Wada told reporters in a nearly 90-minute news conference on Friday that stretched into the early hours of Saturday, Japan Times reports.

On Sunday, the company said it was offering reparations to customers at the rate of ¥88.549 for every XEM coin held. "We are currently deciding on the best method for applying for reparations and the period in which they will be made," the company says. "The principal used for reparations will be derived from company funds."

The value of XEM fell by about 20 percent following the news of the heist, but has since regained its value.

The recent value XEM to the U.S. dollar. (Source: CryptoCompare)

Coincheck had become well known across Japan after running commercials on television as well as online featuring a well-known celebrity, leading reporters to question Wada as to whether the company prioritized marketing at the expense of cybersecurity, Japan Times reports.

XEM is an altcoin - meaning any type of cryptocurrency that isn't bitcoin - that was launched by the Singapore-based New Economy Movement in March 2015. The peer-to-peer blockchain NEM developed is being used for an open source effort dubbed Mijin, which is building a blockchain that could be used for commercial purposes. The project says more than 300 companies are currently testing Mijin, including two Japanese financial services firms.

Top 10 Cryptocurrencies by Market Capitalization

As of Jan. 29. (Source: CoinMarketCap)

Stolen Funds Can Be Traced

Whoever stole the XEM, however, may not get to convert it to cash.

On Saturday, NEM said it was building a system to tag all of the stolen XEM, which would flag any attempted transactions at other exchanges, leading to them being blocked.

"We have APIs to track money [in] real time and share with exchanges," a company spokeswoman tweeted.

The organization promised to enable such tracking by Monday. "This automated system will follow the money and tag any account that receives tainted money," the spokeswoman tweeted. "NEM has already shown exchanges how to check if an account has been tagged. So the good news is that the money that was hacked via exchanges can't leave."

So the attackers likely will have to hold onto the stolen cryptocurrency, and they'll have little, if any, chance to ever convert it to other cryptocurrencies or cash.

Mt. Gox Heist

Coincheck isn't the first cryptocurrency exchange to have suffered a massive hack attack.

The biggest previous attack targeted Mt. Gox, another Tokyo-based exchange. In 2014, blaming "weaknesses in our system," Mt. Gox CEO Mark Karpeles reported that a hacker had stolen 850,000 bitcoins, then worth about $480 million, as well as $28 million in cash from the exchange's bank accounts. Mt. Gox quickly declared bankruptcy, and Japanese authorities launched an investigation.

Earlier this year Karpeles, who's a French national, pleaded not guilty to charges that he embezzled funds and illegally manipulated data (see Feds Indict Russian Over BTC-e Bitcoin Exchange).

Cryptocurrency Fever

Cryptocurrency fever is rife in Asia. Website CryptoCompare.com reports that in the past month, the Japanese Yen has accounted for about 30 percent to 40 percent of bitcoin's trading volume.

Following the collapse of Mt. Gox, Japanese officials began to keep a closer eye on cryptocurrency exchanges. Last April, Japan recognized bitcoin as legal tender but also required all bitcoin exchange operators to register with the FSA and submit annual reports. After those rules went into effect, 16 cryptocurrency exchanges ceased operations.

The FSA now has the power to investigate any exchange, conduct onsite inspections and issue improvement orders to exchange operators.

Last September, the FSA said it had approved 11 companies as operators of cryptocurrency exchanges and was still reviewing 17 other applications. As of Jan. 17, the FSA said there were 16 registered exchanges in operation, Japan Times reports.

While Coincheck has not been approved as a registered operator, it has applied to be one.

Coincheck Faces Japanese Regulators

Japanese authorities have moved quickly following the Coincheck heist. On Monday, the exchange reported that it had "received an order to improve business operations ... in response to the illicit transfer of the cryptocurrency NEM following a breach of our platform" from the FSA.

Coincheck says it's been ordered to:

  • Investigate the facts and causes surrounding the hacking;
  • Properly support its customers;
  • Strengthen its system risk practices;
  • Create new system risk management capabilities, to prevent similar events from recurring, as well as ensure it clearly delineates who has responsibility for every risk it has identified;
  • Submit a written report regarding the above four items to the FSA by Feb. 13.

"We will do our utmost to enact meaningful changes to our platform in order to regain the trust of our customers and the community," the company said in response to the government's order to improve business operations. "We would like to offer our deepest and humblest apologies to all of those involved."


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.