Japan’s Financial Services Agency is set to fine Coincheck, a popular Japanese cryptocurrency exchange that $534 million worth of NEM tokens were stolen from last week, although the amount of the fine is not yet known. The regulator also ordered Coincheck to improve its operations, and has announced that it will be inspecting all domestic cryptocurrency exchanges.
According to a Reuters report, hackers were able to access the NEM tokens because the exchange was storing them online in a ‘hot’ wallet instead of an offline ‘cold’ wallet. Coincheck also was not making use of a multisig (multi-signature) security system that is standard on most large-scale exchanges.
On Sunday, Coincheck released a statement saying that it would be returning $0.81 for each dollar of the stolen NEM using internal funding, but how or when that will happen (or whether Coincheck has the funds to cover the loss) is still unclear. Coincheck halted trading in all currencies except Bitcoin following the attack.
The FSA has ordered Coincheck to submit an official incident report as well as a plan for preventing similar incidences in the future by mid-February.
The price of NEM briefly fell from around $1.01 to as low as $0.77 following the attack, but has since recovered to roughly $0.95.
The hack–and Coincheck’s reaction to it–represents an important moment in Japan’s relationship with cryptocurrency. The country has been at the forefront of crypto regulation since its 2017 Virtual Currency Act, which legitimized Bitcoin and Ether as forms of payments and created licensure for exchanges, among other things.
Security and Regulation Still Have a Long Way to Go in the Cryptosphere
Co-founder of DataTrek Research Nicholas Colas told CNBC that the Coincheck hack, which is the largest exchange hack in history, is unlikely to be the last one. He thinks that the attack “does highlight the fact that the industry still has a long way to go in terms of basic issues of security.”
In addition to improved cybersecurity, the attack also highlights the need for a more solid set of legal structures to deal with crypto hacks.
For example, more than a year after the hacking of the DAO, an incident in which hackers made off with $55 million worth of Ether, no one connected to the crime has been identified or punished, and the SEC is just beginning to enforce certain ICO standards.
Additionally, victims of the infamous Mt Gox hack that took place in 2014 are still waiting for justice. Although Alexander Vinnik has been identified as the suspect behind the hack in 2017, none of the users who lost their BTC have received a dime of compensation.
We can only hope that justice will be served to victims of the Coincheck hack.