Tokyo-based cryptocurrency exchange CoinCheck suffered from a hack that took $530 million worth of XEM – the native coin of NEM – according to its official statement.
It all started with a rumor about a theft, spread all over the crypto-exchange’s customer base after a halt on all withdrawals of cryptocurrencies (except for Bitcoin) was announced via CoinCheck’s official Twitter account, stating (by that moment) that they would detail the incident soon. With it, some coins took a leap in their prices, being NEM the most affected with 18 percent of loss.
Soon after, executives of the affected company held a public conference where they confirmed everyone’s fears: a hacker or a group of them was able to dry out its hot wallets and get away with the aforementioned amount of money, although at the time they offered an explanation, it was unclear whether or not other cryptocurrencies were also affected. When questioned why they didn’t save most of funds on cold wallets (which are kept offline, thus more secure), they simply answered “it was hard for us to manage cold wallets.”
This opened the gate for a wave of rumors about hackers gaining access to other cryptowallets, which would have increased the overall amount stolen had these rumors being true. Nonetheless, it was confirmed via Twitter that only the NEM wallet was breached, bringing some relief to many traders. And, in an apparent security measure took by them, a movement of $ 110 million worth of Ripple’s coin to an unknown wallet was reported by an XRP monitor.
Security was not addressed correctly
Although it remains unknown how thieves were able to gain access to the Japanese crypto-exchange’s trading platform, it is safe to assume that two flaws in their security played a big role in the breach. The first of them has to do with the lack of multi-signature technology, a measure most of well-known crypto-exchanges have implemented because it prevents any transaction from being processed on public blockchain networks without the confirmation of a third party security service, such as blockchain security firm BitGo.
The second flaw is the aforementioned resilience from CoinCheck’s team to hold the vast majority of customer’s funds in offline, more secure cold wallets, instead having them in easier-to-access hot wallets. Since hacks targeting crypto-exchanges have become more common lately, these trading platforms have started to store most of their funds in cold storages, ensuring their safety even if hackers manage to access internet-connected hot wallets.
Have the dev team addressed both weaknesses in their security measures, the $ 530 million worth NEM coins would have been prevented and thus, avoiding to become the biggest cryptocurrency theft in history.