Earlier today we reported that cryptocurrencies tumbled overnight after one of the most popular - if unlicensed - Japanese exchanges, Coincheck, halted withdrawals of funds and cryptos amid broad confusion as to what prompted the halt. Additionally, Coincheck said it had stopped deposits into NEM coins, a hint that something was very wrong with what until last night was the 10th-largest cryptocurrency by market value, and which tumbled nearly 20% overnight, dragging the rest of the sector lower as news of the Coincheck fiasco spread.
Speculation was rife: "Coincheck is a very well-known exchange in Japan," said Hiroyuki Komiya, Chief Executive Officer of Tokyo-based Blockchain Technology Consulting. "We’ve seen several outages at various crypto exchanges recently, so the extent and seriousness of Coincheck’s halt isn’t yet clear. We’re all very eagerly awaiting to hear more detail on what’s happening."
We didn't have long to wait: shortly after the halt, theories started to emerge as to what may have happened, with some speculating that the exchange may have been hacked after noticing that a massive ($110 million) transfer from Coincheck's Ripple wallet:
And then, the worst case scenario was confirmed by Coincheck itself told financial authorities that it had lost 500 million NEM cryptocurrency coins in today's cyberheist, which at the current exchange rate amounts to roughly $400 million, according to Nikkei.
NEM Foundation president Lon Wong also confirmed Coincheck was hacked, calling the stolen funds "the biggest theft in the history of the world", as quoted by CryptoNews. According to Wong, the hack had nothing to do with NEM and the blame lies exclusively with Coincheck:
“As far as NEM is concerned, tech is intact. We are not forking. Also, we would advise all exchanges to make use of our multi-signature smart contract which is among the best in the landscape. Coincheck didn't use them and that's why they could have been hacked. They were very relaxed with their security measures," Wong said.
"This is the biggest theft in the history of the world," he added.
The hack, at recent NEMUSD exchange rates, would make it even bigger than Mt. Gox - which lost a total of $350 million in 2 hacks, one in 2011 and 2014 - by $50 million.
As noted above, Coincheck was one of the few crypto exchanges not registered with Japan’s Financial Services Authority - a regulator responsible for overseeing exchanges in the country - unlike the other prominent cryptocurrency exchanges, such as bitFlyer and Quoine. Furthermore, according to MineCC, CoinCheck used hot wallets not cold wallets, which are not secure.
Which may explain why local regulators are only now looking into what happened:
- JAPAN FSA SAYS LOOKING INTO FACTS OF COINCHECK CASE
While little additional information was available as of this moment, Coincheck added that the hacked NEM was sent illicitly outside exchange, at which point the trail was lost however "no other issues found with other currencies on exchange." Of course, the historic, nearly half a billion dollar hack is a big enough "issue."
The Japanese exchange also said that it was "working hard to secure client assets", and that it doesn't know how many total coins were lost, adding that it was not clear if NEM losses were internal or external.
And while memories of the historic Mt.Gox hack suddenly rush front and center, Coincheck said that it plans to start trading of unaffected currencies. In retrospect that may not be a good idea.
Paradoxically, cryptocurrencies have risen as the Coincheck hack news spread amid expectations the thieves will convert their stolen NEM coins into another cryptocurrency.