Tokyo-based cryptocurrency exchange Coincheck has today announced a plan to compensate approximately 260,000 NEM holders for $523 million XEM that was illegally removed from Coincheck. The cause of the hack is currently under investigation, according to a notice on the company’s website. Similar events in other currencies including JPY have not been confirmed.
On Jan. 26, Coincheck suspended some of its functions after an event occurred around 02:57 on that date. The company detected an abnormality around 12:07 and issued a notice regarding the temporary suspension of NEM payments. At around 12:38, NEM trading was temporarily suspended. At around 16:33, withdrawals of all handling currency including JPY were suspended, followed by the temporary suspension of trading other than BTC, including credit card, pay day and convenience store activity. Eventually, exchange executives confirmed the theft near the end of the day.
Coincheck will refund NEM holders in Japanese yen to their CoinCheck wallets.
Coincheck To Calculate Losses
Coincheck will calculate the compensation price using the weighted average of the volume, with reference to the Zaif XEM currency exchange operated by Tek Bureau Inc. The calculation period is the time of the sale stop, 12:09 Japan time on Jan. 26, to the release delivery time, 23:00 Japan time on Jan. 27.
The compensation amount will be 88.549 yen times the number of units held.
Coincheck apologized for any inconvenience caused to business partners, customers and related parties.
The exchange stated that it is committed to resuming services, to investigate the causes of the illegal remittance and to strength its security system.
Coincheck also said it will continue its efforts to seek registration of virtual currency exchanges to the Financial Services Agency.
A Security Failure
During a press conference following the suspension of activity, CoinCheck executives revealed several details about the hack and specifically the infrastructure of the Coincheck cryptocurrency exchange. Yuji Nakamura, a technology reporter based in Japan, reported that the Coincheck trading platform had not implemented multi-signature technology, stored all of the hacked funds in a hot wallet, and that the developers of Coincheck were still not sure how the exchange was hacked.
Most major cryptocurrency exchanges such as Kraken, Coinbase, and Bitfinex have multi-signature security measures in place, which prevent funds from being processed on public blockchain networks until a third-party security service provider confirms the legitimacy of transactions.
The lack of a multi-signature service is a critical security flaw for any cryptocurrency exchange. If multi-signature technology was integrated, the security breach could have been prevented.
Funds Stored In ‘Hot Wallet’
In addition to not having implemented multi-signature security measures, Coincheck kept all of its funds in a hot wallet. In cryptocurrency, a hot wallet is defined as a wallet that is connected to the Internet, while a cold wallet is described as a wallet which is stored offline. For large sums of user funds, cryptocurrency exchanges usually store cryptocurrencies in cold storage, to ensure that even in an event of a hacking attack, hackers cannot access user funds.
The malpractice of Coincheck of storing funds in a hot wallet and not implementing a multi-signature system ultimately led to the loss of user funds.
Featured image from Shutterstock.