Regulator Orders Coincheck To Strengthen Security After $530-M Hack

Jan 29, 2018 at 11:20

Japan’s Financial Services Agency (FSA) has ordered Coincheck Inc., one of Japan’s largest cryptocurrency exchanges, to improve it operations after it lost $530 million worth of digital money to hackers—one of the biggest cyber heists on record.

Coincheck said it received an order from FSA to improve business operations in response to the illicit transfer of NEM coins (XEM) following the security breach.

It was tasked to investigate the cause of the illicit transfers,implement proper support for customers, strengthen measures to manage system risk and create new measures for system risk management and prevention of similar events in the future.

It was also directed to submit a written report to FSA by February 13.

“We earnestly accept the terms of the order and vow to re-examine our business practices while simultaneously striving to make all facts involved in this case clear, discover the root cause of the breach, safeguard our customers, and develop stronger and more effective measures for system risk management and prevention of similar events in the future,” Coincheck said.

Last week, the platform suspended all transactions on its platform, starting currencies with the restriction of NEM deposits, which was expanded to sales, purchases and withdrawals of the 10th largest digital currency by market capitalization.

The suspension spread to all withdrawals from the platform, including Japan yen, as well as purchases and sales of altcoins, credit card, Pay Easy, and convenience store payments.

This followed the unwarranted massive withdrawals of XEM from the exchange, which was stolen by hackers.

According to Reuters, Coincheck said the NEM coins were stored in a “hot wallet” instead of the more secure “cold wallet,” which operates on platforms not directly connected to the internet.

In a separate statement, Foundation Vice President Jeff McDonald said they are working on solutions to help Coincheck and secure the NEM community.

“We also have a full account for all of Coincheck’s lost XEM on the blockchain. At this time, the hacker has not moved any of the funds to any exchange, nor to any personal accounts of NEM community members,” he said.

The company said the stolen funds can be traced on the NEM blockchain as it creates an automated tagging system.

“This automated system will follow the money and tag any account that receives tainted money. NEM has already shown exchanges how to check if an account has been tagged. So the good news is that the money that was hacked via exchanges can’t leave,” it said.

While tracing the lost NEM coins can’t be returned, Coincheck said it will pay affected customers back in the amount of 88.549 yen per coin.

It said approximately 260,000 customers were affected with the illicit transfer of 523 million XEM.

“All affected users will be repaid in JPY via Coincheck Wallet,” it said. “We are currently deciding on the best method for applying for reparations and the period in which they will be made. The principal used for reparations will be derived from company funds.”