$534m stolen from Japanese exchange in world's biggest cryptocurrency theft

Tokyo-based cryptocurrency exchange Coincheck, Inc. is under government scrutiny after it was subject to a $534M theft last week.

Coincheck stated that approximately 523 million NEM coins were transferred from the exchange to another account at around 3am local time last Friday morning, January 26. The incident is believed to be the largest case of cryptocurrency theft so far. Currently, all deposits and withdrawals on Coincheck have been suspended.

The exchange has promised to partially refund the 260,000 investors affected by the theft, although logistics have not yet been finalised. The amount totals to ¥46.3 billion ($426 million), which is approximately 20% less than the total value of currency stolen.

Japan's Financial Services Agency (FSA), the country's financial regulator responsible for overseeing banking, security and exchange, has intervened and issued an order to Coincheck to improve business operations.

"We earnestly accept the terms of order and vow to re-examine our business practices while simultaneously striving to make all facts involved in this case clear, discover the root cause of the breach, safeguard our customers, and develop stronger and more effective measures for system risk management and prevention of similar events in the future," stated Coincheck in a blog post yesterday on January 29.

"Once again, we would like to offer our sincerest apologies to our customers and everyone else who has been affected by this incident. We will do our utmost to enact meaningful changes to our platform in order to regain the trust of our customers and the community."

FSA will potentially investigate other cryptocurrency exchanges in Japan amid fears that similar attacks could occur.

Company President Koichiro Wada stated in a news conference last Friday that the stolen NEM coins were kept in a "hot wallet", which is a digital online-based storage option as opposed to an offline, more secure "cold wallet". The exchange also does not use an extra layer of security known as a multi-signature system. Wada said that technical difficulties and a shortage of staff are the reasons for this.

The theft highlights the vulnerabilities in trading an asset that policymakers are struggling to regulate.

"It's been long said that cryptocurrencies are a solid system but cryptocurrency exchanges are not," said Makoto Sakuma, a research fellow at NLI Research Institute.

"If Coincheck screws up its crisis management, that could deal a blow to the current cryptocurrency fever."