Following one of the largest hacks in the history of cryptocurrency, Japanese cryptocurrency exchange Coincheck has announced that it will comply with an order from Japan’s Financial Services Agency to improve its business operations.
On Friday, January 26, 2018, Coincheck was hacked, resulting in the loss over over $530 million USD worth of NEM (XEM) tokens. A full transcript of the announcement from Coincheck executives can be found here.
The core of the problem was that Coincheck was keeping the currency in a “hot” wallet, which meant the method of storage was connected to the internet. By contrast, U.S.-based Coinbase keeps 98 percent of its holdings offline in “cold” storage. The hack ranks among the largest of cryptocurrency since the launch of bitcoin. Coincheck subsequently restricted deposits and withdrawals of most currencies pending investigation and resolution of the problems.
“We earnestly accept the terms of the order and vow to re-examine our business practices while simultaneously striving to make all facts involved in this case clear, discover the root cause of the breach, safeguard our customers, and develop stronger and more effective measures for system risk management and prevention of similar events in the future.”
The exchange also announced a reparations policy yesterday, January 28, which will reimburse 523,000,000 XEM to 260,000 users.
The hack caused an immediate 20 percent drop in the price of XEM to $0.79, but it has since recovered those losses and more, rising to $1.07 within 24 hours.
Like Bitcoin, NEM is a cryptocurrency built on top of blockchain technology. Unlike bitcoin, which uses Proof of Work (PoW), NEM uses Proof of Importance (PoI) to establish consensus on the blocks. PoI uses “harvesters” in a variation of the Proof of Stake (PoS) model as opposed to miners used for PoW methods to generate tokens and does not require special computing or energy requirements to arrive at consensus. XEM is the name of the cryptocurrency associated with NEM harvesting and it is those tokens that were stolen from Coincheck.
Vice President of the NEM Foundation, Jeff McDonald, told Bitcoin Magazine, “Coincheck contacted us immediately, so we knew about the problem and had devised a plan to tag the stolen coins before the news had even hit the media. The NEM technology is fully intact, so there is no need to hard fork the code.”
McDonald said that NEM immediately reached out to the exchanges and identified 10 different accounts where most of the XEM tokens went. All of those tokens have been tagged, so anyone who is considering buying these tokens will be able to see they were stolen from the Coincheck exchange and should not accept them.
“Had Coincheck used the NEM multi-signature wallet, this could not have happened,” McDonald added. “A third-party audit would have uncovered the problems, but Coincheck was the single exchange in Japan that was not FSA licensed and illustrates the value of good governance and oversight in this space.”
Coincheck is expected to produce a written report summarizing the actions it will take to improve security and customer support by Tuesday, February 13, 2018.