January 30, 2018
Coincheck Inc., which operates one of Japan’s leading cryptocurrency platforms, lost ¥58 billion ($530 million) of customers’ assets to an unauthorized person from outside the system. The dollar figure represents 523 million units of the virtual currency NEM and is the largest cryptocurrency theft to date. Previously, the loss of $450 million in bitcoin from Japan’s Mt. Gox exchange was the biggest theft. Whether this puts a damper on the white-hot craze for bitcoin and its related virtual currencies remains to be seen.
The Wall Street Journal reports that, although some of the bitcoin stolen in the 2014 Mt. Gox theft was eventually recovered, the company went bankrupt. Some creditors, however, are still trying to get their money back, nearly four years later. The Coincheck theft “shows how vulnerable investors remain in this nascent field, despite numerous efforts by regulators to reduce the risk of cyberattacks.”
“We have a long way to go until we have the same level of operating security as traditional financial institutions,” said University of Tulsa cybersecurity professor Tyler Moore. It’s not known how many, if any, U.S. investors were impacted.
In a WSJ opinion piece, Securities and Exchange Commission chairman Jay Clayton and Commodity Futures Commission chairman J. Christopher Giancarlo noted that, “many cryptrocurrencies’ prices are set on offshore platforms that don’t register with the agencies.” Cryptocurrency exchanges also “often don’t have large compliance staffs, compared with regulated exchanges and banks,” and “usually hold customers’ money in company accounts, giving thieves a single target to hit.” With the stateless nature of cryptocurrencies, “transactions … are often irreversible.”
Bloomberg reports that several governments are looking into regulating cryptocurrencies; “Japanese policy makers began a new licensing system for the venues just a few months ago, while regulators in South Korea are debating whether to ban exchanges outright.” “The latest theft will have two immediate effects: more regulation by authorities over exchanges and more recognition of the advantages offered by decentralized ways of trading,” said Indorse Pte co-founder David Moskowitz.
In Japan, Chief Cabinet Secretary Yoshihide Suga said the “government is working with relevant ministries and agencies to determine the cause of the Coincheck hack and stands ready to take action as needed.” In a first move, Coincheck will “receive a business improvement order,” Suga added.
According to Bloomberg, “the thief was able to seize such a large sum in part because Coincheck lacked basic security protocols,” by keeping assets in a “hot wallet, which is connected to external networks.” Cold wallets are not connected to the outside world and are less vulnerable to theft. Coincheck “also lacked multi-signature, a security measure requiring multiple sign-offs before funds can be moved.” Although no guarantee it will stop theft, it would make it harder to pull off.
CNN reports that “Coincheck has promised to partially refund the 260,000 cryptocurrency investors affected by the theft, although it didn’t say when it would do so or where it’s getting the money from.”
Bitcoin Association of Hong Kong founding member David Shin, who is also president of Asia Fintech Society, notes that the Coincheck theft “is likely to push policy makers to enforce stricter security requirements at cryptocurrency exchanges.” “A lot of regulators don’t know yet how to regulate this area,’’ he said. “This episode will definitely get their attention.’’
Record Crypto Heist Raises the Appeal of a New Type of Exchange, Bloomberg, 1/30/18