Bitcoin: Japan regulators punished Coincheck after $530 million cryptocurrency theft

Japan’s financial regulator has ordered Coincheck to get its act together after hackers stole $530 million worth of digital money from its exchange, jolting the nation’s cryptocurrency market in one of the biggest cyber heists.

The theft highlights the vulnerabilities in trading an asset that global policymakers are struggling to regulate and the broader risks for Japan as it aims to leverage the fintech industry to stimulate economic growth.

The Financial Services Agency (FSA) on Monday ordered improvements to operations at Tokyo-based Coincheck, which on Friday suspended trading in all cryptocurrencies except bitcoin after hackers stole 58 billion yen ($534 million) of NEM coins, among the most popular digital currencies in the world.

Coincheck said on Sunday it would return about 90 percent with internal funds, though it has yet to figure out how or when.

The NEM coins were stored in a “hot wallet”, which is connected to the internet, instead of the more secure “cold wallet”, which is kept offline, Coincheck said. It also does not use an extra layer of security known as a multi-signature system.

Japan started to require cryptocurrency exchange operators to register with the government in April 2017, allowing pre-existing operators such as Coincheck to continue offering services ahead of formal registration.

The FSA has registered 16 cryptocurrency exchanges so far, and another 16 or so are still awaiting approval while continuing to operate.

“It’s been long said that cryptocurrencies are a solid system but cryptocurrency exchanges are not,” said Makoto Sakuma, research fellow at NLI Research Institute.

“This incident showed that the problem has not been solved at all. If Coincheck screws up its crisis management, that could deal a blow to the current cryptocurrency fever.”

One of the reasons for the theft of NEM coins was the use of “hot wallets,” which are connected to networks at all times. Unauthorized access could have been prevented if the digital money had been managed with “cold wallets,” but the exchange could not provide this “due to technical reasons and understaffing,” said Coincheck President Koichiro Wada.

Coincheck failed to manage other parts of its operation as well. Cryptocurrency holdings are controlled by passcodes called secret keys, but a secret key on its own is not sufficient to protect the system from being hacked.

Exchanges therefore use a system called Multisig, in which different secret keys are managed separately, to protect the system from being hacked and to reduce the risk of theft. However, Coincheck did not use this system to manage NEM tokens.

NEM fell to $0.78 from $1.01 on Friday, before recovering to around $0.97 on Monday, according to CoinMarketCap.