Japan's new cryptocurrency regulations were put to the test last week when CoinCheck - a popular, if unlicensed, Tokyo-based crypto-exchange - became the target of "the biggest heist in crypto history." As we reported last week, hackers made off with more than 500 million NEM tokens, worth $400 million before news of the hack triggered a 20% devaluation in what was until recently the tenth most popular cryptocurrency. That sum makes it bigger than Mt. Gox at the time of its implosion in February, 2014.
To save face, Japan's financial regulator said on Monday it would inspect the country's cryptocurrency exchanges; it also ordered Coincheck to review and repair its security systems, which, as Reuters pointed out, were irresponsibly lacking.
The exchange apparently hadn't bothered to implement what's called multi-signature security - the same flaw that led to the Bitfinex hack about 18 months ago.
Meanwhile, local media reports cited by Bloomberg say Japan's Metropolitan Police Department has spoken to employees at Coincheck, has requested full access to the company's servers, and will be conducting a full investigation. The police will also be analyzing records in Coincheck’s servers to identify the source of the hacking.
Coincheck - which halted withdrawals and trading in all cryptoassets except bitcoin last Friday following the hack, sending the market lower - said it would return 90% of its customers' assets with internal funds, though it has yet to disclose how or when it will do this.
Japan started requiring exchange operators to register with the government in April 2017, and allowed pre-existing operators like Coincheck to continue ahead of being formally registered. So far, 16 exchanges have been registered by the FSA, Japan's financial regulator.
The theft highlights the vulnerabilities in trading an asset that global policymakers are struggling to regulate and the broader risks for Japan as it aims to leverage the fintech industry to stimulate economic growth.
The Financial Services Agency (FSA) on Monday ordered improvements to operations at Tokyo-based Coincheck, which on Friday suspended trading in all cryptocurrencies except bitcoin after hackers stole 58 billion yen ($534 million) of NEM coins, among the most popular digital currencies in the world.
Coincheck said on Sunday it would return about 90% of losses with internal funds, though it has yet to figure out how or when.
The NEM coins were stored in a “hot wallet” instead of the more secure “cold wallet”, which operates on platforms not directly connected to the internet, Coincheck said. It also does not use an extra layer of security known as a multi-signature system.
Cryptocurencies were slightly lower on Monday as the customers wondered whether they would receive any reimbursement for their stolen funds. The FSA has given Coincheck roughly two weeks to improve its systems before it must submit a report on its progress:
The FSA said it ordered Coincheck to submit a report on the hack and measures for preventing a recurrence by Feb. 13, and that it will, if necessary, conduct on-site inspections of other cryptocurrency exchanges.
The regulator has yet to confirm whether Coincheck has sufficient funds to make the reimbursements. Hacks like these are particularly stressful for crypto traders because the collapse of Mt. Gox ended several months of torrid gains for bitcoin, sending it into a two-year bear market. And one researcher said the Coincheck hack underscores the need for exchanges to improve their security.
“It’s been long said that cryptocurrencies are a solid system but cryptocurrency exchanges are not,” said Makoto Sakuma, research fellow at NLI Research Institute.
“This incident showed that the problem has not been solved at all. If Coincheck screws up its crisis management, that could deal a blow to the current cryptocurrency fever.”
The Singapore-based NEM Foundation said it had traced the stolen coins, but it's not clear if they're contemplating the type of hard fork that Ethereum used to recover stolen coins following the hack of the DAO. That famously split the Ethereum blockchain into Ethereum and Ethereum Classic.
Of course, Coincheck hasn't been the only high-profile hack since Mt. Gox; Last month, Youbit was hacked by what South Korean intelligence believes were North Korea-linked hackers.
As Reuters reminds us, world leaders meeting in Davos last week issued fresh warnings about the dangers of cryptocurrencies, with U.S. Treasury Secretary Steven Mnuchin relating Washington’s concern about the money being used for illicit activity. Japan's top financial diplomat said regulating cryptocurrencies would be on the agenda for the G20 finance chiefs' meeting in Argentina in March.
* * *
That skepticism has spread to Wall Street banks, which are apparently not emulating Goldman Sachs's embrace of cryptocurrency trading.
Deutsche Bank AG’s Wealth Management currently does not advise to invest in crypto-currencies, according to Markus Mueller, Global Head of Chief Investment Office, Bloomberg reported. Problematic issues include high volatility, possible price manipulation and data loss or data theft, he told Bloomberg News in an interview.
"We do not recommend that. It’s only for investors who invest speculatively," he said. "There is a realistic risk of total loss." According to Mueller, recent price increases reflect a lot of imagination, driven by the current situation in the market. There is hardly any return scope left in other asset classes such as fixed income, he said.
Mueller is not the only person warning against crypto-currencies.
While central bankers in the US have largely played down the risks cryptocurrencies pose to the broader economy, Bank of Spain Governor Luis Maria Linde said they are an asset that carries enormous risks. And Austria’s Financial Planners Association compared bitcoin investments with a "casino visit".
In order to establish crypto-currencies as some kind of asset class in the future, more regulation, security and transparency, for example via official trading venues, are required, according to Mueller. "Important issues such as liability and documentation are unclear," he said. "We are still at the very beginning."
Still, Mueller maintains that blockchain technology - the distributed ledger system upon which cryptocurrencies are built - is still "interesting" and that the bank is still exploring ways to leverage that technology.