The biggest single exchange hack ever happened in Japan, following in the path of the former record holder, Mt. Gox
Those who held Bitcoin through the Mt. Gox hack of 2014 experienced one of the most tumultuous times in cryptocurrency history, having seen some of the darkest days in the ecosystem. However, Mt. Gox has been overtaken as the biggest single exchange hack with Coincheck, also a Japanese exchange, taking the title.
While thieves walked away with a bigger payday from the recent hack, the effect on the entire cryptocurrency market was far less severe. Were there lessons that have been learnt from previous hacks? Or perhaps the market has become more secure and steady in the light of major tragedies.
In a strange twist of fate, Coincheck may have an offer tabled to it by Japanese brokerage firm, Monex, who are mulling over buying a majority stake in the cryptocurrency exchange.
Regardless of the aftermath, and the effects it could still have, it is important to go over the past few months and see how this 523 mln NEM coins hack, worth approximately $534 mln on Jan. 26, has moved things into place on Japan and the rest of the world.
‘Biggest theft in the history of the world’
The aftermath of the Mt. Gox hack was wrought by dark dealings and hidden facts, but the Coincheck one was handled far better as the heads of the exchange not only kept their investors in the loop, but made promises about reimbursing the lost funds.
It all began on Jan. 26 when Coincheck suspended all deposits in NEM on their exchange.
Later in the day, with suspicions high and tension thick, NEM Foundation president Lon Wong confirmed Coincheck was hacked, calling the stolen funds "the biggest theft in the history of the world." This figure beat Mt. Gox by just over $50 mln as the Mt. Gox hack was estimated at 850,000 BTC, valued at $473 mln at the time.
Once the hack was confirmed by the exchange, reported to have happened 3:00 AM local time on Jan. 26, there was a buzz of attention in the media, and concern from the users of Coincheck that were implicated in the massive hack.
It was then revealed that the hack resulted in a loss of 523 mln NEM coins, worth approximately $534 mln around Jan. 26. The coins were stolen via several unauthorized transactions from a hot wallet.
The news of the hack quickly spread via official channels, including the broadcasted press conference where details of how the hack happened were furnished. Unlike Mt. Gox, there was not so much confusion as to what took place. Coincheck, in that press conference explained what went on, and what would happen going forward.
The key information given out by Coincheck in their first public statement after the hack was as follows:
The hack only involved NEM Coins;
The hackers managed to steal the private key for the hot wallet where NEM coins were stored;
The stolen money belonged to the customers of the exchange; and
When Coincheck became aware of the breech, they halted withdrawals in the hope of stemming the drain.
The biggest issue that emerged with these details being made public was that Coincheck had kept its NEM stocks on a simple hot wallet rather than a much more secure multisig wallet.
The exchange claimed that the security setup differed between various coins on the exchange.
Other cryptocurrencies on the site were stored in multisig wallets, but the NEM was not. When pressed by the media, the company insisted that security standards were not low, however the lack of multisig protection for NEM did not seem to agree with that statement.
Moreover, Coincheck said that it had an eye on the stolen funds and was aware where they were being stored, with hopes of tracking the funds. The exchange also expressed its desire to try and repay all 260,000 users affected by the hack, as well as up its security and continue running as a business.
CEO Koichiro Wada stated:
“In addition to strengthening in-house monitoring as countermeasures against unauthorized access from the outside as in this case, we will be carrying out security monitoring by external expert institutions concerning financial systems security and cyber security.”
Repaying the stolen funds
Following their intentions to refund, Coincheck reiterated plans of working towards repaying all 260,000 victims of the NEM hack.
As of March 12, Coincheck announced their reparations plan as follows:
It would begin effective March 12
Reparations amount to 88.549 JPY x the amount held at 23:59:59 JST on Jan. 26, 2018
Qualifications for reparations: Users in possession of NEM on the platform at 23:59:59 JST on Jan. 26, 2018
Coincheck also confirmed that they would be remaining in business, and not filing for bankruptcy. This was almost in direct contrast to the way in which Mt. Gox handled its hack and its obligation to affected users; there are still many who are waiting for a refund from the 2014 hack.
With the dust settling after the hack, markets reacted surprisingly favorably.
【ビットコイン #BTC/JPY 24時間変動比】+3.26% (+38393) 1215835 #仮想通貨 #Coincheck pic.twitter.com/zNCfy4wqlZ https://t.co/SutXttxbPt
— おとぼけ王子 (@otoboke1ouji) January 27, 2018
Even more surprising was the reaction of NEM’s price at the announcement of Coincheck’s intentions to repay the lost funds. The price jumped nearly 30 percent.
Image source: Coinmarketcap
Japanese regulators’ reaction
Something that seemed far less surprising was the reaction from the Japanese regulators. The country had already been a victim of the biggest cryptocurrency hack in Mt. Gox, and now, it picked up the same record, but with a bigger margin.
Japan’s Finance Minister Taro Aso confirmed that the country’s Financial Services Agency (FSA) inspected the exchange in the wake of the hack. To this end, Coincheck also delivered their report to the FSA, indicating their intention to remain within the regulatory boundaries since being compromised.
While dealing with the regulators and the effects of the hack itself, including lining up funds to make repayments, the exchange still faced a fightback from some users who began filing lawsuits.
Heading into March, still without compensation, as many as 132 Coincheck users had begun filing a joint lawsuit in seeking reimbursement from the hack. This was added to the 10 other users who had already filed lawsuits in the middle of February.
More headaches came Coincheck’s way when Japanese regulators took the attack as a catalyst to delve deeper into the workings of cryptocurrency exchanges within the country.
Seven exchanges were punished by the regulators for poor security, and two were suspended, including Coincheck.
Keeping their word
Despite the fallout from the hack and the setbacks from lawsuits and the FSA, Coincheck, from March 12, began rolling out a plan to reimburse its users. Additionally, it also resumed partial trading on March 9.
The exchange opened up the withdrawals of some of the major cryptocurrencies and reiterated their intention to continue as a business with many improvements. Their statement read:
“We will solemnly and seriously take the measures we take carefully and will deeply reflect on ourselves and will drastically review our internal control system and management control system and will review the management strategy that thoroughly protects customers.”
A way out
The most recent development in the Coincheck saga has been a proposition from trading platform Monex to buy out Coincheck for what it says will be “billions of yen”.
Monex has offered to acquire a majority stake in Coincheck according to Nikkei Asian Review reports, citing unnamed sources. Monex is valued at around $870 bln and apparently has hopes of getting Coincheck back to full service.
A new way of handling things
The Mt. Gox story is still impacting the cryptocurrency market a number of years on with it rumoured that a sell off a few weeks ago by Mt. Gox bankruptcy trustee – Nobuaki Kobayashi – may have contributed to the three month downtrend in the cryptocurrency market.
The Coincheck hack, and everything that has followed, while bigger in terms of the money that went missing, has not been felt as much across the market.
The lessons that were learnt from the Mt. Gox hack has surely permeated every sector of the cryptocurrency market, and especially those who are in the business of running exchanges.
Coincheck, as a Japanese exchange, also certainly followed the unfolding of that original monumental hack in 2014, and must have taken some important notes.
It is also important to note that these hacks have nothing to do with security issues within the Blockchain, as journalist Teymoor Nabili points out.
The Coincheck & Mt Gox breaches were failures of corporate practice, not of the blockchain technology. Is the professor aware that the entire banking system is already linked into a system of ledgers, and that the traditional entities are equally, if not more, at risk?
— Teymoor Nabili (@teymoornabili) March 23, 2018
In essence then, the crimes committed are ones of circumstance, and not ones based around a faulty technology. Just like dollar bills are not blamed when banks are robbed, the Blockchain and its cryptocurrencies are not at fault here; although professor Steve Hanke, applied economist at Johns Hopkins University, disagrees.
No suspects named in the Coincheck OR Mt. Gox thefts. Soon, the bubble will burst and #cryptocurrency will serve as a warning for many in the future https://t.co/scwA6kq7NK
— Prof. Steve Hanke (@steve_hanke) February 4, 2018
Hacks are, as it stands, part and parcel of the cryptocurrency market place, but they are looking to be worked out. Japan’s involvement as a regulator is positive, ensuring security at exchanges and Coincheck’s decision to take on the hack head on is positive too.