
Hacked cryptocurrency exchange to reimburse customers after largest heist in history


Tokyo-based cryptocurrency exchange Coincheck Sunday told customers it would be repaying about 90 percent of the $534 million worth of NEM coin stolen by hackers just two days prior in one of the largest crypto-heists.

The firm said it would repay roughly 260,000 owners of the cryptocurrency in Japanese yen, although the company is still working on how and when it will fulfill its promise, according to Reuters.

Japanese authorities Monday ordered Coincheck to raise its security standards and announced that they would investigate all cryptocurrency exchanges in the country for security gaps. The NEM coins were stored in an online “hot wallet” rather than in a “cold wallet,” which keeps the coins offline and is more secure.

While this may have been the largest cryptocurrency breach in history, some security researchers recommend that users refrain from panicking, as Coincheck's announcement that it will reimburse victims is laudable and boosts trust in digital currencies. Ilia Kolochenko, chief executive officer (CEO) of High-Tech Bridge, praised Japanese authorities and Coincheck's response to the situation.

“Incident detection in eight hours is also comparatively good timing: many large companies detect similar incidents in a few months,” Kolochenko said. “We can clearly see the difference between amateurs operating Mt. Gox in 2014, and well-prepared professionals behind Coincheck. It is unclear how the breach took place, but I would not exclude insider activities or at least an accomplice.”

Kolochenko added that the wider adoption of cryptocurrencies increases their attractiveness to cybercriminals, that transactions are difficult to trace and revert in the event of theft, and that proper investigation of cryptocurrency incidents is still nascent in most countries. Unfortunately, he expects to see more similar attacks in 2018.

In a separate theft, hackers made off with at least $150,000 worth of Ethereum from Experty ICO after cybercriminals tricked Experty ICO participants into sending Ethereum funds to the scammer's wallet address.

Initial coin offerings, or ICOs, are similar to an initial public offering with cryptocurrency. Cybercriminals spoofed an email from Experty urging users to send their funds in to an “early bid.” The hacker compromised the computer of one of the people who signed up for Experty's PoC (Proof-of-Care) review in order to obtain the victim's email address to send the phishing email.

Experty initially said it would give 100 EXY tokens (worth around $120) to every person in their email database but later announced extra compensation for users who sent funds to the scammer's wallet, according to a Jan. 28 statement by the firm.
