It’s official. Tokyo-based cryptocurrency exchange Coincheck was hacked in what is believed to be the largest exchange theft ever carried out. This story is continually developing, but here’s what we know so far.
This Was the Largest Cryptocurrency Exchange Hack in History
In a press conference, Coincheck executives confirmed that the hackers absconded with more than 500 million NEM, worth approximately $530 million at the time of the hack, although Nikkei Veritas tweeted from the conference that the exact amount of funds stolen will not be known until officials conduct a detailed investigation.
The Coincheck hack supplanted Mt. Gox as the biggest cryptocurrency exchange hack in history. The Mt. Gox thief made off with approximately 850,000 bitcoins, worth roughly $450 million at the time.
Granted, the Mt. Gox hack was larger as a percentage of the total cryptocurrency market cap at the time of the theft, but in pure fiscal terms Coincheck now holds the infamous distinction of having been victim to the biggest cryptocurrency exchange hack in history.
As of the time of writing, the hacker had moved 300,000 XEM tokens to another address, and both addresses had been flagged with a mosaic warning other exchanges to not accept the funds.
The Coincheck Hacker Only Breached the Exchange’s NEM Wallet
Coincheck executives said that the hack was isolated to Coincheck’s NEM walletand that its other funds remain secure.
This brought to relief to many traders, as early reports made it appear as though the hacker had infiltrated multiple wallets. A Ripple ledger monitor flagged a $110 million XRP transaction sent from Coincheck to an unknown wallet that currently holds more than $3 billion worth of XRP.
However, the transaction is now believed to have been a security measure taken by Coincheck following the infiltration of its NEM wallet.
NEM Foundation executives have stressed that the hack had nothing to do with the security of the XEM cryptocurrency itself and that the blame lies solely with Coincheck.
Coincheck Kept Way Too Much Money in Its Hot Wallets
As CCN reported, Coincheck executives admitted during the press conference that they kept that vast majority of their funds in “hot wallets,” which become vulnerable if hackers breach company servers.
Because hacks have become so common, reputable cryptocurrency exchanges keep the vast majority of their funds in “cold wallets,” which are stored offline and in secure locations.
Coincheck, however, said that “It was hard for us to manage cold wallet,” which is why the hack was so much larger than other recent cryptocurrency exchange thefts.
To make matters worse, Coincheck did not implement NEM’s multisignature smart contract system, which would have added an additional layer of security to the wallet.
NEM Doesn’t Plan to Fork to Recover the Stolen Funds
Because the hack comprised such a large percentage of the total number of XEM in circulation, there was immediate speculation that NEM would activate a hard fork to recover the funds from the hacker, as Ethereum did following the DAO theft in 2016.
However, Lon Wong, president of the NEM Foundation has said publicly that he opposes a fork.
In a statement, he reiterated that the hack occurred due to Coincheck’s “relaxed” security measures, not an inherent flaw in the NEM source code. Wong also encouraged cryptocurrency exchanges to take advantage of its multi-signature smart contract.
Coincheck Wants to Continue Operating — and Compensate its Customers
Finally, Coincheck executives stated that they intend to continue operating the exchange and will compensate customers for their losses, although they did not go into detail about what form this compensation will take.
Notably, though, Tokyo-based Bloomberg reporter Yuji Nakamura said that Coincheck had not yet received an exchange license from Japan’s Financial Services Agency (FSA). The deadline was October, but the FSA had extended a grace period to the company.
Both the scale of the theft and the revelation of Coincheck’s inadequate security practices raises questions about whether the FSA will take action against the exchange — or perhaps even shutter it altogether.