It was the biggest haul of cryptocurrency ever stolen by a hacker. It took place on Friday at 3am Japanese time, in a heist that left the Japanese crypto community dazed and worried that this could happen in their country again, less than four years after another Japanese exchange, Mt Gox, was hacked and put out of business. The hacker was able to break through the security of Coincheck, a Tokyo-based exchange, and made away with a haul of between $400 million and $534 million worth of NEM.
This has caused the whole community to focus its attention on the security practices of the exchange, because it seems that the minimal security measures that ought to have been implemented at such an exchange were not enough. The fact that the hacker was able to ‘cart’ away the cryptocurrency means that it was left in an online wallet, referred to as a hot wallet within cryptocurrency circles. A backup security measure should have been put in place to secure the wallet with multi-sig (multi-signature), a mechanism requiring more than one signature to authorize a transfer, which would have made it practically impossible for access to the wallet to have been breached.
Japan, despite the misfortune of having its biggest exchange hacked in 2014, has bounced back to become one of the exemplary countries that have implemented crypto-friendly regulation, which has driven digital currency growth in the country. Just last week, the Bank of Japan seemed to have a positive assessment of the progress cryptocurrencies have made in the country. The January 26 hack must have caught them off guard, just as it did the management of Coincheck, who seem at a loss as to what happened. They must be wondering how the hacker could have gained access to the wallet.
Wakata Koichi Hoshihiro, the president of Coincheck, was in an awkward position during a press conference on Friday after the hack when asked about the security practices of the company. He hesitated a moment before rendering an apology, and gave an apparent confirmation that the 500 million NEM was left in a hot wallet without multi-sig protection.
A common disaster in cryptocurrency storage is leaving a substantial amount in a hot wallet, or even in a single wallet. It would have been expected that Coincheck had learnt from the misfortune of Mt Gox, which lost 850,000 bitcoins in 2014.
Although the identity of the hacker is still unknown, they will find it difficult to move the loot because, hours after the hack, the NEM team moved to get the address blacklisted, meaning that no exchanges may transact with the hacker, though there may be no guarantees. The alternative would have been to roll back the NEM protocol and fork away the hacker’s wallet with the coins. Though this would be doing Coincheck a favor, it would also mean that transactions on the NEM platform are no longer immutable, and immutability is a feature of blockchain that has made the technology attractive to many.
These are difficult times for Coincheck. The exchange has promised to compensate customers who lost their coins in the heist, even as the authorities concerned are investigating the case. It is obvious that the only way Coincheck could pay back the customers is if it is allowed to continue doing business, despite the fact that its reputation has been dented and it would have a hard time convincing customers that it is competent to manage an exchange.