Hack Flashback: Coincheck, January 2018 — The Biggest Cryptocurrency Hack To Date
From the end of January till the end of February, the most significant exchange hacks in cryptocurrency history have occurred, including the two largest ones. In this series, we will cover the most notable exchange hacks in this time period of 1 month. The hacks covered a total value of over $1 billion, being two-thirds of the all-time amount of $1.6 billion. Today, we are covering the biggest exchange hack that the crypto world has seen: the Coincheck hack.
One year ago on the 26th of January, the Japanese cryptocurrency exchange known as Coincheck was hacked for a total value of $534,800,000. This half a billion dollar hack is renowned for being the biggest cryptocurrency hack to date, topping even the infamous Mt. Gox hack of 2014.
What exactly happened during the Coincheck hack?
For unknown reasons, Coincheck decided to keep their NEM (XEM) in a single hot wallet — an internet connected wallet. This left all of the exchange’s NEM tokens vulnerable to hacks. This concerned a vast amount of 500,000,000 NEM tokens, having a value of $534,8 million at the time. Not only that, but the exchange did not use a security feature built within the NEM network: the Multisig Contract Smart Signing App. This entails exchange managers would need to sign large transactions.
Without this feature, Coincheck’s NEM hot wallet was easy prey. Once the hackers were able to access this single wallet address, it was an easy job to instantly obtain all of these crypto assets.
What happened to the victims of the Coincheck hack?
Coincheck got bought out by the Monex Group in April 2018. Once acquired, the Monex group worked revised the crypto assets that Coincheck would be working with and re-opened later that year. Two months after the hack, Coincheck did manage to reimburse those impacted by it. The amount reimbursed was, however, lower than the trading price of NEM at the time of the hack. Whereas the value of the hack concerned $534,8 million, the reimbursement remained at $430 million, leaving a gap of $100 million.
How could Coincheck’s clients have been kept safe from this hack?
While NEM support has yet to be developed for Ledger devices, generally speaking it would be recommended to move the majority of your crypto assets to cold storage (a cryptocurrency wallet that is not connected to the internet). A Ledger hardware wallet is a great example of one. Ledger equally keeps working on expanding its list of compatible crypto assets, currently totaling a vast 1181 supported cryptocurrencies.
What Coincheck’s hack has taught us is that cryptocurrency exchanges remain vulnerable to hacks. Coincheck’s clients could, however, have ensured that the majority of their (NEM) crypto assets were not held on an exchange.
As Kraken’s CEO Jesse Powell stated: “Please do not store more coins on an exchange (including Kraken) than you need to actively trade.” He recommended using hardware wallets, naming Ledger as well, for long-term storage of crypto assets.
Even though the amount reimbursed might not be the same, those impacted by the Coincheck hack were lucky enough to see the largest part of their assets reimbursed. This is, however, not always the case during cryptocurrency exchange hacks…
Keep your crypto assets secure, everywhere you go: the Ledger Nano X can currently be pre-ordered — click on the banner underneath for more information.
Originally published at www.ledger.fr on January 29, 2019.