Coincheck Exchange Loses Over $500 Million in Apparent HackDate Written: January 27 2018 Written By: George Miller
In what was an undoubtedly stressful day for the company’s PR department and its users, Coincheck issued a press release on January 26 announcing that coins owned by the exchange had been “illegally remitted.” The take: 523 million NEM tokens – valued at around $524 million at the time of the theft. After discovering the alleged hack, the exchange suspended nearly all trading and withdrawals on the platform. The suspension remains in effect as Coincheck investigates the origin and extent of the damage done by the hack.
What Happened to Coincheck?
Coincheck is reportedly working with regulators to figure out exactly what happened. However, based on the information currently available, it appears that hackers stole the private key for the wallet where the NEM coins were stored. Once they had the private key, they simply drained the Coincheck NEM wallet.
But how did the hackers get the key in the first place? So far, nobody is sure. Typically, keys are lifted from wallet storage media or by spying on communications channels. You can can protect your private key by encrypting your wallet or requiring multisig verification, but the only guaranteed method of protecting your coin is going off-grid with cold storage.
Many members of the crypto community have already turned the blame back onto Coincheck itself. At this point, everyone knows that hackers can steal private keys. Coincheck’s NEM coins were stored in a basic hot wallet rather than a much more secure multisig wallet, causing many to accuse the exchange of lax security standards. Coincheck had the technological capacity for cold storage, and valuable coins like Bitcoin and Ether were stored in this manner.
Is Coincheck The New Mt. Gox?
Just yesterday, hackers nicked over $500 million worth of digital currency from Coincheck, a popular cryptocurrency exchange based in Tokyo. About three years ago, hackers stole over $400 million worth of virtual currency from the Mt. Gox, another (formerly) popular cryptocurrency exchange based in Tokyo. While two facts hardly establish a trend, this observation is a bit chilling.
For those of you who are new to the crypto world, Mt. Gox was the world’s largest Bitcoin exchange until 2014 when it was hacked and taken for $460 million worth of Bitcoin. Subsequent investigations exposed numerous security flaws in Mt. Gox’s platform, right down to its source code. This allowed hackers to skim money from the exchange for years. By the time Mt. Gox came clean, it had lost a total of 850,000 Bitcoin and was forced to shut down. The company is still swimming in lawsuits from account holders who filed claims for their lost Bitcoins.
Coincheck plans to keep operating after yesterday’s theft. But, if their losses are substantial enough, they will be forced to declare bankruptcy just like Mt. Gox. If Coincheck follows this same path, users who lost their NEM coins shouldn’t hold their breath for a refund.
Coincheck representatives have expressed “deep regret” at the security breach, and they are working to identify the hackers. As more information comes to light, we will see the true scope and extent of the security issues at Coincheck that provided the opportunity for the theft. The exchange’s statements regarding account security are questionable, to say the least. On the platform’s website, Coincheck implies that it stores all customers’ assets completely offline. However, hackers have made off with more than $500 million worth of cryptocurrency from their hot wallet.
Market Impacts of the Coincheck Hack
News of the hack turned many NEM investors bearish. As of press time, NEM was trading at around $0.83 – down about 20% from its intra-day high. However, the coin has been on a downward slide since it hit a year-to-date high of $2.00 just a few weeks ago. News of the hack definitely impacted NEM value, but it’s possible that the price is simply deflating from a speculative high.
The fact that Coincheck lost a bunch of NEM coins may not have much of a long-term impact on the market. After all, Mt. Gox’s huge Bitcoin loss ultimately did little to disrupt the progress of the world’s leading virtual currency. At the time of publication, cryptocurrency values were slipping across the board. With the exception of NEM, Ripple was the hardest hit among the top-ten cryptocurrencies. However, as of press time, Ripple was only down about 8%. A pretty quiet day, at least as far as cryptocurrency markets go.
The real problem with the Coincheck hack is its potential impact on investor confidence. Bitcoin started to creep on the mainstream in 2017, but only after years of campaigning by blockchain advocates. Most investors still don’t trust it, and they have several security flaws, hacks, and Ponzi schemes they can point to as justification. A theft of this degree makes investors even more skeptical of a market that has yet to gain mainstream legitimacy.
Going forward, we shall see whether major hacks like this one will force exchanges to shore up security measures or whether security concerns eventually cripple the crypto markets.