Japanese cryptocurrency exchange CoinCheck has announced they will compensate an estimated of 260,000 NEM holders for a total amount of $ 523 million worth of XEM stolen from their wallets last friday, when hackers managed to breach its security and get away with said amount.
According to a post released on their official website, they elaborated a plan to compensate their affected users with a reimbursement of their funds in Japanese yen to their Coincheck wallets. In order to calculate the compensation price, the company will use the weighted average of the volume, with reference to the Zaif XEM currency exchange (which is operated by Tek Bureau Inc.). The period of calculation will be the time of the sale stop, 12:09 Japan time on January 26, to the release delivery time, 23:00 Japan time on January 27; while the amount to compensate will be calculated this way: 88.549 yens times the number of XEM held.
They didn’t specified when they will be refunding affected users, although assured will be reimbursing them with their own funds.
The exchange apologized for all the inconveniences caused and promised to restore all services, as well as strengthen their security system and help authorities and law enforcement agents with the ongoing investigation.
Half a billion stolen from its wallet
On January 26, an announcement struck users holding funds on the Japanese trading platform, stating that all withdrawals and other operations were temporarily halted. Hours later, during a public conference, Coincheck executives confirmed the thievery of half a billion worth of XEM, NEM’s native token.
According to technology reporter Yuji Nakamura, the affected crypto-exchange have two flaws in its security system. One of them is the lack of multi-signature technology, a measure most of well-known crypto-exchanges have implemented because it prevents any transaction from being processed on public blockchain networks without the confirmation of a third party security service, such as blockchain security firm BitGo.
The other flaw concerned CoinCheck’s team and their malpractice of holding the vast majority of customer’s funds in online, less secure hot wallets, instead of having them in offline, harder-to-access cold wallets. Since hacks targeting crypto-exchanges have become more common lately, these trading platforms have started to store most of their funds in cold storages, ensuring their safety even if hackers manage to access internet-connected hot wallets.
On a side note, the president of the NEM foundation, Lon Wong, came to dismiss any possibility of a hard fork, alleging that it was CoinCheck’s overconfidence on its flawed security system that made possible the hacking, and not an intrinsic fault in NEM source code. The reason people speculated with the possibility of a hard fork is due to a similar scenario occurred when Ethereum suffered the infamous DAO theft in 2016, having to activate a hard fork in order to recover users’ funds.