The Japanese cryptocurrency exchange site Coincheck is being sued after losing the equivalent of $660 million of the cryptocurrency NEM in a recent hack.
The loss occurred after hackers obtained the funds by accessing Coincheck’s “hot wallet” on their website[1]. Disturbingly, the Coincheck hack was not discovered until eight hours after the actual breach[2].
This is not the first time a cryptocurrency exchange site has been hacked and funds stolen. In 2014, another Japanese exchange site, Mt Gox, was hacked, with more than $450 million USD going missing[3].
Cryptocurrency exchange sites are prime targets for hackers trying to access cryptocurrency. These websites act as public exchange spots. The “hot wallet” from which funds are stolen acts as an online repository of the cryptocurrency currently being traded. As a rule of thumb, cryptocurrency should be kept in a “cold wallet” which remains offline, making it safe from the threat of hackers.
Coincheck has assured its users that the missing funds can be tracked. Apparently, the missing NEM can be traced through its blockchain; however, it is uncertain whether all the funds can be recovered and restored to all of its users’ accounts[4].
The biggest problem regarding the security of cryptocurrency is the vulnerability of the exchange sites themselves. In late December 2017, the Korean exchange site Youbit had to file for bankruptcy as it had been hacked several times, despite the site’s apparent popularity as a safe and anonymous financial asset.
Cryptocurrency is vulnerable to theft just as funds are in online banking. Therefore, it is prudent for cryptocurrency traders to protect themselves in ways similar to the banking industry.
The legislation and regulation surrounding the secure trading of cryptocurrency are very new. Japan, in particular, has the strongest regulations to date. It will be interesting to observe the legal proceedings against Coincheck and whether this may lead to stricter and more global regulations controlling the transaction of cryptocurrency.
Despite the strong regulations in Japan, many exchange sites do not undergo any regulation or scrutiny by governments or higher finance regulators. In Coincheck’s case, their application to the Japanese government as a regulated exchange site had only been submitted in September 2017 and they were still permitted to operate during this time.
IT security and financial analysts should work together to identify key security issues, which will require the development not only of stronger and more efficient security systems but also of enforceable regulations and standards. This way, any cryptocurrency exchange website can be held accountable to enforceable standards.
For further information and assistance in securing your networks and cryptocurrency wallets, please do not hesitate to contact Agilient.
The Agilient Team
[1] https://www.abc.net.au/news/2018-01-28/coincheck-worlds-biggest-cryptocurrency-hack/9368056
[2] https://www.bbc.com/news/world-asia-42845505
[3] https://motherboard.vice.com/en_us/article/ne4xdk/a-cryptocurrency-theft-bigger-than-mt-gox-just-happened-in-japan-coincheck-nem
[4] https://fortune.com/2018/01/29/japan-coincheck-cryptocurrency-hack/
