"Biggest Theft In Crypto History": Over $400MM Stolen From Japanese Crypto Exchange

Earlier today we reported that cryptocurrencies tumbled  overnight after one of the most popular - if unlicensed - Japanese exchanges, Coincheck, halted withdrawals of funds and cryptos amid broad confusion as to what prompted the halt. Additionally, Coincheck said it had stopped deposits into NEM coins, a hint that something was very wrong with what until last night was the 10th-largest cryptocurrency by market value, and which tumbled nearly 20% overnight, dragging the rest of the sector lower as news of the Coincheck fiasco spread.

Speculation was rife: "Coincheck is a very well-known exchange in Japan," said Hiroyuki Komiya, Chief Executive Officer of Tokyo-based Blockchain Technology Consulting. "We’ve seen several outages at various crypto exchanges recently, so the extent and seriousness of Coincheck’s halt isn’t yet clear. We’re all very eagerly awaiting to hear more detail on what’s happening."

We didn't have long to wait: shortly after the halt, theories started to emerge as to what may have happened, with some speculating that the exchange may have been hacked after noticing that a massive ($110 million) transfer from Coincheck's Ripple wallet:

And then, the worst case scenario was confirmed by Coincheck itself told financial authorities that it had lost 500 million NEM cryptocurrency coins in today's cyberheist, which at the current exchange rate amounts to roughly $400 million, according to Nikkei.

NEM Foundation president Lon Wong also confirmed Coincheck was hacked, calling the stolen funds "the biggest theft in the history of the world", as quoted by CryptoNews. According to Wong, the hack had nothing to do with NEM and the blame lies exclusively with Coincheck:

“As far as NEM is concerned, tech is intact. We are not forking. Also, we would advise all exchanges to make use of our multi-signature smart contract which is among the best in the landscape. Coincheck didn't use them and that's why they could have been hacked. They were very relaxed with their security measures," Wong said.

"This is the biggest theft in the history of the world," he added.

The hack, at recent NEMUSD exchange rates, would make it even bigger than Mt. Gox - which lost a total of $350 million in 2 hacks, one in 2011 and 2014 - by $50 million.

As noted above, Coincheck was one of the few crypto exchanges not registered with Japan’s Financial Services Authority - a regulator responsible for overseeing exchanges in the country - unlike the other prominent cryptocurrency exchanges, such as bitFlyer and Quoine. Furthermore, according to MineCC, CoinCheck used hot wallets not cold wallets, which are not secure.

Which may explain why local regulators are only now looking into what happened:


While little additional information was available as of this moment, Coincheck added that the hacked NEM was sent illicitly outside exchange, at which point the trail was lost however "no other issues found with other currencies on exchange." Of course, the historic, nearly half a billion dollar hack is a big enough "issue."

The Japanese exchange also said that it was "working hard to secure client assets", and that it doesn't know how many total coins were lost, adding that it was not clear if NEM losses were internal or external.

And while memories of the historic Mt.Gox hack suddenly rush front and center, Coincheck said that it plans to start trading of unaffected currencies. In retrospect that may not be a good idea.

Paradoxically, cryptocurrencies have risen as the Coincheck hack news spread amid expectations the thieves will convert their stolen NEM coins into another cryptocurrency.


NiggaPleeze stizazz Fri, 01/26/2018 - 12:42 Permalink

leaving coins with exchanges is not a good idea. buy a fricking hw wallet and OWN your coins

That's ignoring the fundamental problem.  Someone can hijack the wallet on your computer or smartphone even more easily than one in a secured environment like an exchange.

The real problem is that anyone who can get your key (whether by brute force attack or copying your wallet), or who can enter fake transactions on the block-chain (by, even temporarily, controlling a majority of miners, the number of which will continue to shrink as the effort/reward curve continues to deteriorate) can take all of your Shitcoins.  Secure my arse!

In reply to by stizazz

Mister Ponzi Gap Admirer Fri, 01/26/2018 - 12:31 Permalink

You're right that if the software code is open source then the value is not so much in the code but in the network. Anybody can, e.g., copy the Ethereum network (and some did) but noone has managed to attract - by a wide range - the same number of nodes and developers. And the security of the blockchain heavily depends on network size. To state that there is no value in a large decentralized blockchain is simply not true. The 900+ projects that decided to build their applications on the Ethereum network clearly indicate otherwise. A few examples: Several big banks are currently automizing their compliance functionalities on Ethereum. Innogy, the clean energy subsidiary of German energy giant RWE, has put its entire EV fueling stations on Ethereum. And even the United Nations use Ethereum for their World Food Program. Obviously, those companies disagree that there is no value to them in the Ethereum blockchain. And for using their applications they need Ether, the native token of Ethereum. So, Ether may not be an asset as it does not generate cash flows but it surely is some kind of commodity that allows users to use the blockchain.

In reply to by Gap Admirer

DCFusor Gap Admirer Fri, 01/26/2018 - 13:50 Permalink

Free as in speech, not free as in beer.  Plenty of "fake news" about that shit by competitors.
Posted from a linux box with plenty of open source, yet paid-for software for specialized things - the pay gets upgrades and support.  Not that I use any of their crap voluntarily but maybe you should check out that often-profitable open source company called Red Hat that produces the linux much of the web is served with - and charges money just fine, thanks.  Profit doesn't come out of thin air, like your comment evidently did.

In reply to by Gap Admirer

Mister Ponzi DCFusor Fri, 01/26/2018 - 14:09 Permalink

Those are two different concepts. Of course, there is a service industry around open source solutions. Moreover, my company also licences free software like R and pays for it (although it is open source and in principle free-of-charge). If you have regular contact with auditors who check software use in a company you know that it may make sense for companies to pay for principally free solution.

In reply to by DCFusor

silvermail Mister Ponzi Fri, 01/26/2018 - 15:36 Permalink

The value of stock exchanges arises and is based on real products and the capitalization of issuers' companies.
But the value of the so-called crypto currency, arises and is based solely on the inflow into this system of new funds, from the new participants (new victims) of this Ponzi scheme.

This is exactly what the real assets are different from those imaginary assets. which are used in all financial pyramids.
The growth of the value of an asset solely due to the inflow of new investors is the very first and most important sign of any Ponzi scheme.

In reply to by Mister Ponzi

Mister Ponzi silvermail Fri, 01/26/2018 - 16:25 Permalink

Wrong. They may have no value to you but that doesn't mean that others don't look at it differently. As I've written above many companies build applications e.g. on the Ethereum blockchain. So, this blockchain and therefore its native token has value to these companies.

Most of the tokens are not currencies but utility tokens and therefore have clearly defined use cases. It is up to the market to value those use cases but it is obvious that your statement that those are imaginary assets is clearly wrong.

And BTW: There are several tokens that are designed like equities giving investors access to the cash flows of the project (like dividends of a stock). By your argumentation you have to consider these tokens as real, valuable assets (as long as there are any proceeds to distribute).

In reply to by silvermail

pods Buckaroo Banzai Fri, 01/26/2018 - 11:22 Permalink

Here is a what if:

What if the exchange was upside down after printing too many coins?  Outflows overwhelmed inflows to the point where there was no $$ left to withdraw.

So someone "hacks" the exchange and moves the printed coins to some throw away wallet and then they can scream that they were hacked.
From what another poster had written extensively here (sorry, name isn't coming to me now), coins on the exchange are NOT on the blockchain. So until a coin is moved from the exchange it's a black hole.  Works great when inflows are greater than outflows, but once it reverses, exchanges go insolvent. So someone then "hacks" the exchange to cover for the insolvency.

Crypto geniuses, is this possible?  I really would like to understand this.

More and more these events are going to usher in decentralized exchanges, which will benefit the real users (and producers) of cryptos, and the gamblers will be left playing musical chairs in the casino over printed funny coins.


In reply to by Buckaroo Banzai

TheFacilitator pods Fri, 01/26/2018 - 11:26 Permalink

You cant just "print" coins that have a blockchain. The whole point is to prevent counterfeiting.

An exchange could certainly run a fraud in which they take your money, and credit you an iou which they never actually bought. But you couldnt ever withdrawl it, and they couldnt steal it because it never existed. They could however take all the stolen fiat they have, then buy real coins with it and transfer them to a personal wallet.

In reply to by pods

pods TheFacilitator Fri, 01/26/2018 - 12:15 Permalink

That's what I mean. You cannot counterfeit a transaction on the blockchain (well, besides the 51% attack).

But when people are buying and selling BTC on an exchange their transactions are quicker than if it was written on the blockchain.

So when you are buying and selling within an exchange it's like a black box.  It's only written on the blockchain when you move them off the exchange, and that is when it takes a long time to confirm, etc.

So exchanges act like a big slush fund or the old fractional reserve banks back in the gold days. They issue you a ticket that says you have 4 BTC, but in reality, you only have that IN the exchange. When you remove it, or the USD, then it becomes a problem because they have to come up with the coins/USD.  That is when they pull out the "hack" routine.

That is what I meant.


In reply to by TheFacilitator

TheFacilitator pods Fri, 01/26/2018 - 12:37 Permalink

Its certainly possible, and some shady exchanges probably do it. It would also be possible to do the exact same thing with a stock exchange, or commodities exchange as well. Not unique to crypto, buy having the product in the form of crypto would certainly make it easier for the thief to get away with the fraud in the end.

In reply to by pods

FakeNewsBandit pods Fri, 01/26/2018 - 13:24 Permalink

They pull out the hack routine once they well and truly fucked. Up until that point they will be limiting withdrawals with bs KYC issues, withdrawal issues etc etc.. The huge amount of retards who leave coins on exchange means theres a stack of coins that never move and that allows them to cover up insolvency for a long time. The key to bringing them down is a mass withdrawal. 

In reply to by pods

Advoc8tr pods Fri, 01/26/2018 - 12:31 Permalink

The idea is theoretically possible however the "hack" can easily be confirmed by seeing the transaction on the blockchain explorer ... if you see it there then genuine coins were moved out of the exchange "slush fund" and onto the blockchain and into someone's wallet.  Those coins had to really exist in the exchanges NEM cold wallet.  This would worsen the exchanges situation .. yes ?  the slush fund indicates 1 billion NEM sloshing around on the exchange when they only have 500 mill then those 500mil disappear while the slush fund still indicates 1 billion across all the exchange users 'wallets' 

In reply to by pods

overbet topspinslicer Fri, 01/26/2018 - 11:57 Permalink

How is your metal only portfolio performing? Still waiting for that one time the end of dayz will occur so you get a > 5% pop while also hoping that the end of dayz isnt really the true end of dayz so youll have some liquidity and not complete chaos to sell some of your metal for an actual profit? Well thought out very smart bet. Quite the needle youll need to be threading. You should be an adviser. 

FYI you wont see it in your lifetime. I would gladly dump 75% of my decades worth of metal stacking to roll into cryptos if I could do so without a stiff spread. 

In reply to by topspinslicer