Coincheck Hack: “The Biggest Theft in the History of the World”

Sead Fadilpašić
Last updated: | 4 min read

This morning, the Japanese crypto exchange platform Coincheck was hacked and had 526 million XEM (c. USD 400 m) stolen, Lon Wong, President of the NEM.io Foundation, told Cryptonews.com.

It has nothing to do with NEM – there is no issue with the tech, and according to them, the blame lies exclusively with Coincheck:

“As far as NEM is concerned, tech is intact. We are not forking. Also, we would advise all exchanges to make use of our multi-signature smart contract which is among the best in the landscape. Coincheck didn’t use them and that’s why they could have been hacked. They were very relaxed with their security measures,” Wong said.

“This is the biggest theft in the history of the world,” he added.

Wong also said that it was one account that stole the tokens, and they will do what they can to track them down.

Watch the Coincheck 500m hack interview with Jeff McDonald, NEM Vice president:.

Following Friday’s news of Coincheck being hacked and more than 500 million XEM stolen, their blog is being updated to reflect on the current situation of one of Japan’s greatest cryptocurrency exchanges. As of right now, sales and purchases of any cryptocurrency other than Bitcoin are restricted.

From Coincheck’s official blog, the update says:

Update: 6:19 pm (JST), 1/26 1
Currently, credit card, Pay Easy, and convenience store payments are suspended. We sincerely apologize for these inconveniences and will continue to do our best to be back to normal operations as soon as possible.

As of right now, the XEM coin’s price has fallen by 18.46% in the last 24 hours (and the fluctuations are almost impossible to follow, because of their erratic behavior), which is significantly higher than its previous fall of a measly 1% in the week between January 18 and January 25. The coin dropped in price to USD 0.77 at 08:34 UTC today, not long after the news was published on Yahoo Japan. It eventually recovered to USD 0.78, where we are right now, but this is still a far cry from its last week average of USD 1.05. (source: coinmarketcap.com)

An obvious answer to this sudden plunge would be panic selling – even though the President of the NEM.io Foundation told Cryptonews.com that the blame lies solely in Coincheck for not using their multi-signature smart contract.

Reactions vary from people calling this event “spreading FUD” (Fear, uncertainty and doubt, or a disinformation strategy) to those who are sure this event is just whales* moving money out of his wallet/exchange.” The public seems reluctant to consider this a hack, and with good reason: panicking, as we see from the price drop, can play heavy tricks on the market.

If the hack is confirmed, it will be even bigger than Mt Gox by USD 50m.

While the blog post apologizes for the inconvenience, many have other, more sinister ideas: “Even if this is [a case similar to MtGox], the exchange needs to return investor’s funds as much as possible,” an article on Yahoo Japan argues. “If we assume that this business management sloppiness was in order to expand profit, not only management but also shareholders shall be held responsible.”

In purple – the account that the money was stolen from.

The implication of the case of MtGox may not be what the officials over at Coincheck want to hear right now, but their users are frozen in fear of the same scenario being reenacted.

Others argue that it is not actually known if it was a hack yet, because the money has not left the wallet it was moved to. “You would want to get that sh*t sold,” says Redditor u/Shniper.

Others warn against panic selling: “If a bank gets robbed, do you sell all your dollars?” asks u/web2linc.

It must be mentioned that Coincheck is not registered with Japan’s Financial Services Authority – a regulator responsible for overseeing exchanges in the country – unlike several other prominent cryptocurrency exchanges, such as bitFlyer and Quoine.

Japanese media seem to be flocking to the Coincheck headquarters, according to reports.
_______

* The term “whale” is frequently used to describe the big money cryptocurrency players that show their hand in the crypto market.
***
Some of the biggest crypto exchange hacks:

Mt. Gox
Two hacks, one in 2011 and one in 2014, were so severe that the Japanese-based Bitcoin exchange was forced to declare bankruptcy. At its peak, Mt. Gox was handling 70% of all Bitcoin transactions.
How much was stolen? Approximately USD 350m

NiceHash
The most recent of the hacks here was on a Slovenian-based exchange (not the first we’ll mention), which lost 4700 BTC in December 2017. The hack was the result of an employee’s security credentials being used to access the exchange’s systems. NiceHash’s Bitcoin wallet was robbed.
How much was stolen? Approximately USD 80m

Bitfinex
This exchange was at least prepared for the worst when a massive hack happened, the result of a breach in the exchange’s wallet architecture. Users were refunded gradually, unlike with the earlier Mt. Gox hack.
How much was stolen? Approximately USD 72m

The DAO
The Decentralized Autonomous Organization was set up in 2016, with the aim of allowing for investment using cryptocurrencies. Unfortunately a flaw in the smart contract meant it returned Ether multiple times before updating the system.
How much was stolen? Approximately USD 70m

Parity Wallet
Another Ethereum theft, the hack here was the result of a flaw in the multi-sig wallets used on the Parity client, in July 2017.
How much was stolen? Approximately USD 30m

Bitstamp
Bitstamp was set up in Slovenia as a European-based Bitcoin exchange, with the aim of providing a safe place to do trades. It was hacked in 2015. These days, they’ve stepped up their security significantly, meaning it is much harder to imagine a repeat hack happening.
How much was stolen? Approximately USD 5m