Japan punishes Coincheck after $530m cryptocurrency theft

Coincheck has been ordered by Japan's financial regulator to get its act together after hackers stole $530 million worth of digital money from its exchange.
Written by Chris Duckett, Contributor

Japan's financial regulator has ordered Coincheck to get its act together after hackers stole $530 million worth of digital money from its exchange, jolting the nation's cryptocurrency market in one of the biggest cyber heists.

The theft highlights the vulnerabilities in trading an asset that global policymakers are struggling to regulate and the broader risks for Japan as it aims to leverage the fintech industry to stimulate economic growth.

The Financial Services Agency (FSA) said on Monday it has ordered improvements to operations at Tokyo-based Coincheck, which on Friday suspended trading in all cryptocurrencies except bitcoin after hackers stole 58 billion yen of NEM coins.

Coincheck said on Sunday it would return about 90 percent with internal funds, though it has yet to figure out how or when.

Japan started to require cryptocurrency exchange operators to register with the government in April 2017, allowing pre-existing operators such as Coincheck to continue offering services ahead of formal registration.

The FSA has registered 16 cryptocurrency exchanges so far, and another 16 or so are still awaiting approval while continuing to operate.

Coincheck has said its NEM coins were stored in a "hot wallet" instead of the more secure "cold wallet", outside the internet.

NEM fell to $0.78 from $1.01 on Friday, before recovering to around $0.97 on Monday, according to CoinMarketCap.

Singapore-based NEM Foundation said it had a tracing system on the NEM blockchain and that it had "a full account" of all of Coincheck's lost NEM coins.

It added that the hacker had not moved any of the funds to any exchange or personal accounts but that it had no way to independently return the stolen funds to its owners.

World leaders meeting in Davos last week issued fresh warnings about the dangers of cryptocurrencies, with US Treasury Secretary Steven Mnuchin relating Washington's concern about the money being used for illicit activity.

Within the world of cryptocurrencies, theft is as regular as investors declaring "this time it is different" and "this is good for bitcoin".

Last week, a report from Ernst & Young said over 10 percent of all funds exchanged during initial coin offerings were finding their way into the hands of criminals. This works out to roughly $400 million in cryptocurrency from $3.7 billion in funding between 2015 and 2017.

In December, bitcoin mining platform and exchange NiceHash was hit, with 4,736.42 in bitcoin disappearing in the attack. At the time, the bitcoin was worth around $68 million, but the price of the cryptocurrency has dropped since.

Security firm SecureWorks said in December it had uncovered a spearphishing campaign targeting employees at cryptocurrency firms in a bid to steal bitcoin. The attacks are thought to be the work of The Lazarus Group, a hacking operation believed to be associated with North Korea.

"Our inference based on previous activity is that this is the goal of the attack, particularly in light of recent reporting from other sources that North Korea has an increased focus on bitcoin and obtaining bitcoin," Rafe Pilling, senior security researcher at SecureWorks, told ZDNet at the time.

Due to the pseudonymous nature of bitcoin, criminals have been looking at other more anonymous digital currencies such as Monero and Zcash.

A new technique for cryptocurrency mining has appeared in the form of JavaScript served up to website visitors, typically through ad units that spike CPU usage. One of the most popular scripts is from Coinhive, which in October asked that site owners make users aware of what is going on.

"We're a bit saddened to see that some of our customers integrate Coinhive into their pages without disclosing to their users what's going on, let alone asking for their permission," the company said. "We believe there's so much more potential for our solution, but we have to be respectful to our end users."

With AAP

Related Coverage

Cryptocurrency under scrutiny in South Korea

The South Korean government said it is considering both options of either shutting down all virtual currency exchanges or just the ones that are breaking the law.

Venezuela asks other countries to adopt oil-backed cryptocurrency

The plea follows a parliamentary ruling that the cryptocurrency is illegal.

Kodak announces the KodakCoin blockchain cryptocurrency

The KodakCoin cryptocurrency and the KodakOne rights management platform will both be backed by blockchain security, Kodak has announced.

Cryptocurrency: Reasons to be skeptical (TechRepublic)

When it comes to cryptocurrency, let the buyer beware and be aware, says TechRepublic's Brandon Vigliarolo.

Why cryptocurrency needs to get more user-friendly to achieve mainstream success (TechRepublic)

Cryptocurrency is complex, nuanced, and hard to use. Geoff McCabe and Tim Sanders explain how the Divi Project makes blockchain-based transactions as easy as PayPal.

How one hacker stole $226K worth of cryptocurrency from Oracle servers (TechRepublic)

An Oracle vulnerability published in December allowed attackers to mine the Monero cryptocurrency, but they don't seem to be stealing data.

Editorial standards