In what is reported to be one of the biggest hacks in the history of cryptocurrency markets, a hacking attempt on the Tokyo-based Coincheck exchange managed to steal 500 million NEM tokens reportedly worth 58 billion yen or approximately $533 million USD at the time of hack.
After being aware of the matter, Coincheck immediately suspended trading activities on its platform. The incident soon created a wave of fear within crypto investors as the markets were seen reacting negatively. Later on Sunday, the exchange confirmed that it will be refunding its 260,000 customers, who were the holders of NEM digital currency, a total of 46 billion yen.
The announcement assured customers that their money will remain protected, but if the NEM tokens remain lost, all the amount that is paid as the refund will be given in the form of Coincheck losses.
Now, Japan’s financial watchdog Financial Services Agency (FSA) has taken an administrative action and has slammed the exchange for sloppy security services. The exchange has been asked to submit a report on the security loopholes and has been further asked to take an immediate action in order to resolve the vulnerabilities.
As reported by the local publication Nikkei, FSA announced the order in the latest press conference stating that “Inappropriate management of system risks had become the norm at Coincheck.” This sloppiness has cost the exchange quite heavily as the reported loss is much more than what was made during the Mt. Gox collapse due to hacking.
One of the major reasons reported for this theft is that Coincheck uses “hot wallets” which remain connected to the network all time. In case the digital assets were being stored in “cold wallets” that are not connected to the network, the theft could possibly have been prevented. However, Coincheck President Koichiro Wada said that such implementation was not possible at their end “due to technical reasons and understaffing.”
In addition to this, Coincheck is said to have compromised security in other aspects as well. Cryptocurrencies have got passcodes known as secret keys but are considered to be insufficient from a security point of view. As a result, exchanges usually provide an additional layer of security known as Multisig in order to reduce the risks of theft and protect the system from potential thefts. Coincheck did not use this system as well.
Vice President of NEM Foundation Jeff McDonald, has said that they would be cooperating with Coincheck in the further investigative process but denied the possibility of any “hard fork” where administrators change the transaction history in order to restore the previous status before any sort of unauthorized access.
McDonald further said that “We also have a full account for all of Coincheck’s lost XEM (NEM) on the blockchain. At this time, the hacker has not moved any of the funds to any exchange, nor to any personal accounts of NEM community members.”
Lon Wong, president of NEM foundation in an earlier statement to Coincheck said: “We would advise all exchanges to make use of our multi-signature smart contract which is among the best in the landscape. Coincheck didn’t use them and that’s why they could have been hacked. They were very relaxed with their security measure.”
Nikkei further reports that FSA is extending its investigations to other cryptocurrency exchanges function in the country to prevent any such event from happening further. The investigation will include on-site inspections as well.
This incident has left a mark of caution and fear within investors just at the time when the crypto markets and digital currencies are gaining a lot of limelight with a huge number of investors seen signing up at the cryptocurrency exchanges.