The Japanese crypto exchange platform Coincheck was hacked and had 526 million XEM (c. USD 400 m) stolen this morning, 26th January. This is the biggest theft in crypto history, far outstripping Mt.Gox.
Lon Wong, President of the NEM.io Foundation told Cryptonews.com
“As far as NEM is concerned, tech is intact. We are not forking. Also, we would advise all exchanges to make use of our multi-signature smart contract which is among the best in the landscape. Coincheck didn’t use them and that’s why they could have been hacked. They were very relaxed with their security measures. This is the biggest theft in the history of the world,”
Wong also said that it was one account that stole the tokens, and they will do what they can to track them down. A full statement will be available later today. It should be made clear that the theft has nothing to do with NEM technology, and the blame lies exclusively with Coincheck.
The little known blockchain based NEM currency is popular in Japan, with the JPY trading pair handling the most volume.
Price however fell today by nearly 20% on the news, with NEM’s market cap now standing at $7 billion from an all time high of $17 billion at the beginning of the year. Coincidentally, both Mt.Gox and Coincheck are based in Japan, so the country is once more suffering the shocking news of an incredible crypto theft.
As of right now, sales and purchases of any cryptocurrency other than Bitcoin are restricted on Coincheck.
From Coincheck’s official blog:
Update: 6:19 pm (JST), 1/26 1
Currently, credit card, Pay Easy, and convenience store payments are suspended. We sincerely apologize for these inconveniences and will continue to do our best to be back to normal operations as soon as possible.
As of right now, the XEM coin’s price has fallen by 18.46% in the last 24 hours (and the fluctuations are almost impossible to follow, because of their erratic behavior), which is significantly higher than its previous fall of a measly 1% in the week between January 18 and January 25. The coin dropped in price to USD 0.77 at 08:34 UTC today, not long after the news was published on Yahoo Japan. It eventually recovered to USD 0.78, where we are right now, but this is still a far cry from its last week average of USD 1.05. (source: coinmarketcap.com)
The Crypto community seems reluctant to consider this a hack to avoid panicking the wider market. If the hack is confirmed, it will be the biggest in history, bigger even than Mt Gox by $50m.
An article on Yahoo Japan argues:
“Even if this is [a case similar to MtGox], the exchange needs to return investor’s funds as much as possible. If we assume that this business management sloppiness was in order to expand profit, not only management but also shareholders shall be held responsible.”
It must be mentioned that Coincheck is not registered with Japan’s Financial Services Authority – a regulator responsible for overseeing exchanges in the country – unlike several other prominent cryptocurrency exchanges, such as bitFlyer and Quoine.
Some of the biggest crypto exchange hacks:
Two hacks, one in 2011 and one in 2014, were so severe that the Japanese-based Bitcoin exchange was forced to declare bankruptcy. At its peak, Mt. Gox was handling 70% of all Bitcoin transactions.
Approximately USD 350m stolen.
The most recent of the hacks here was on a Slovenian-based exchange (not the first we’ll mention), which lost 4700 BTC in December 2017. The hack was the result of an employee’s security credentials being used to access the exchange’s systems. NiceHash’s Bitcoin wallet was robbed.
Approximately USD 80m stolen.
This exchange was at least prepared for the worst when a massive hack happened, the result of a breach in the exchange’s wallet architecture. Users were refunded gradually, unlike with the earlier Mt. Gox hack.
Approximately USD 72m stolen.
The Decentralized Autonomous Organization was set up in 2016, with the aim of allowing for investment using cryptocurrencies. Unfortunately a flaw in the smart contract meant it returned Ether multiple times before updating the system.
Approximately USD 70m stolen.
Another Ethereum theft, the hack here was the result of a flaw in the multi-sig wallets used on the Parity client, in July 2017.
Approximately USD 30m stolen.
Bitstamp was set up in Slovenia as a European-based Bitcoin exchange, with the aim of providing a safe place to do trades. It was hacked in 2015. These days, they’ve stepped up their security significantly, meaning it is much harder to imagine a repeat hack happening.
Approximately USD 5m stolen.
In a press conference at 23:30 JST (14:30 UST), the exchange’s president and chief operating officer confirmed that around 500 million NEM tokens then worth around 58 billion yen (approx. $533 million) were taken from Coincheck’s digital wallets on Friday, according to news source Asahi.
Tweets from the conference by Yuji Nakamura appeared to indicate that only NEW was stolen, and they plan on continuing to operate while planning on how to compensate customers:
Main takeaways from Coincheck press conf:
– only NEM impacted
– plans to continue operating, restart trading
– not clear on plan to repay customers
– no multisig💀
– wouldn’t admit security was weak
– not sure how hacked, if domestic or foreign hackers
– CEO barely spoke
— Yuji Nakamura (@ynakamura56) January 26, 2018
Coincheck is looking into compensating its customers, its executives also announced.