Coincheck Cryptocurrency Exchange Theft: The Aftermath

On January 26th, the Japan based Coincheck Cryptocurrency became subject to one of the largest cryptocurrency heists ever. Hackers stole approximately $534 Million worth of XEM, the cryptocurrency of NEM token. Analysts have compared the scale of the hack to that of Mt Gox, the then famous Tokyo based cryptocurrency exchange. Mt Gox then filed bankruptcy as a result of the hack in which it lost $400 Million worth of Bitcoin back in 2014. But that’s because the hack was considerably large compared to the amount of cryptocurrency involved back then. Since then, the value of cryptocurrencies has risen drastically and therefore, thankfully, Coincheck will not be facing the same fate. However, Coincheck and the NEM foundation are working closely with authorities to recover the stolen currency.

Data security experts claim that hackers have dispersed stolen tokens in multiple digital addresses. They also say that since the breach, hackers have converted roughly $4.5 Million worth of tokens into other cryptocurrencies. They managed to identify an account, which they believe one of the hackers used to trade NEM tokens on the dark net. Close analysis revealed that roughly $4.5 Million worth of tokens were withdrawn from the account in more than 200 transactions.

NEM.io is a non-profit, Singapore based NEM promoting organization, says that it has tagged the stolen NEM tokens. This should help identify the stolen tokens as perpetrators try to transact with them. However, specialists and consultants say that the foundation is too slow to track the stolen tokens in order prevent the perpetrators from converting the stolen tokens into another currency.

Are Hot Wallets to Blame?

One of the key factors which facilitated the breach is the fact that the funds were stored on a low security hot wallet. Hot wallets are connected to the internet all the time which makes them more vulnerable to attacks. In fact, the breach actually occurred as a result of certain unauthorized transactions from the hot wallet containing NEM tokens.

The hackers managed to steal the private key associated with the hot wallet which enabled them to drain it. After observing the unusual movement of funds, Coincheck contacted FSA (Financial Services Agency) as well as the police. Experts suggest that one safeguarding major that exchanges can deploy is to limit the amount of funds stored in a hot wallet at a given time.

The hack has affected around 260,000 holders of NEM, who used to trade with Coincheck. The exchange has promised to issue full refund for all its customers affected by the hack. Since the hack however, Coincheck.Inc has suspended almost all of its trading activities in a bid to prevent further damage. On Friday, the exchange said that it will resume its services by Tuesday, February 13th . They will allow the customers to withdraw NEM tokens in Yen then. It’s not clear at this point, however, when the customers will be able to trade currencies other than NEM which they have stored in the exchange.