Coincheck Hack: A $530 Million NEM Theft Unveiling Centralized Exchange Vulnerabilities

Summary

In January 2018, Coincheck, one of Japan’s largest cryptocurrency exchanges, suffered a colossal security breach, resulting in the theft of approximately $530 million worth of NEM tokens. The incident shed light on the vulnerabilities inherent in centralized exchanges and emphasized the urgent need for robust security measures within the crypto ecosystem.

Attackers

The perpetrators behind the Coincheck NEM security breach were linked to a Canadian exchange and a Japanese exchange called Zaif, as identified by the BIG Blockchain Intelligence Group Inc. To facilitate the tracking of stolen funds, the NEM development team implemented an automated tagging system. This system ensures that all funds stolen from Coincheck are marked as tainted, allowing cryptocurrency exchanges to easily verify whether stolen NEM funds are being withdrawn from or deposited into regulated trading platforms. However, according to a report by CCN.com, hackers had already laundered 40% of the 500 million tokens despite their being tagged by the Singapore-based NEM Foundation at the time.
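The tagging idea described above can be modelled as taint propagation over a chronological transfer list, followed by an exchange-side deposit check. This is an added example, not the NEM team's implementation: the addresses, the ledger and the function names `tag_tainted` and `screen_deposit` are all constructed for illustration.

```python
# Constructed sample ledger in chronological order:
# (sender, recipient, amount in XEM). Addresses are invented placeholders.
TRANSFERS = [
    ("HOP_2", "OLD_PAYEE", 30),      # sent before HOP_2 received stolen funds
    ("THIEF_A", "HOP_1", 600),
    ("THIEF_A", "HOP_2", 400),
    ("HOP_1", "HOP_3", 600),
    ("CLEAN_USER", "HOP_3", 50),
    ("CLEAN_USER", "CLEAN_SHOP", 20),
]

def tag_tainted(transfers, seeds):
    """Return {address: hops from a seed} for each address that received
    funds from an already-tagged address. Transfers must be in time order,
    so payments a sender made *before* being tagged do not spread the tag."""
    tagged = {seed: 0 for seed in seeds}
    for sender, recipient, _amount in transfers:
        if sender in tagged and recipient not in tagged:
            tagged[recipient] = tagged[sender] + 1
    return tagged

def screen_deposit(sender, tagged):
    """Exchange-side check: hold a deposit whose sender carries the tag."""
    if sender in tagged:
        return ("HOLD", f"sender tagged, {tagged[sender]} hop(s) from theft")
    return ("ACCEPT", "sender not tagged")

if __name__ == "__main__":
    tags = tag_tainted(TRANSFERS, ["THIEF_A"])
    for addr in ("HOP_3", "OLD_PAYEE", "CLEAN_USER"):
        print(addr, screen_deposit(addr, tags))
```

A model like this only follows on-ledger transfers between addresses; it has no visibility into funds once they are traded for another asset outside the tagged ledger.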

Tokyo police made significant progress in the case, leading to the arrest of two men suspected of hacking Coincheck. The investigation focused on tracking a large-scale transaction that occurred on the dark web, where a substantial amount of NEM was exchanged at a 15% discount. Authorities believe that the hackers managed to convert their XEM funds into Bitcoin. On March 11, 2022, the police took two individuals into custody. While details about the detainees are limited, it is known that they are males—one from Osaka Prefecture and the other from Hokkaido. The Osaka resident stands accused of transacting 24 million NEM coins and potentially accessing around 200 accounts. Both individuals were arrested under the provisions of the Punishment of Organized Crimes and Proceeds of Crime Control Act.

Losses

The attack resulted in the theft of 523 million NEM tokens, valued at approximately $530 million at the time. The stolen funds belonged to Coincheck’s users, consisting of both individual traders and institutional investors. The incident significantly impacted Coincheck’s reputation and raised concerns about the security practices implemented by cryptocurrency exchanges.

Timeline

  • January 26, 2018: Coincheck detected an unauthorized outflow of NEM tokens from their hot wallet, prompting an immediate investigation into the security breach.
  • As a precautionary measure, Coincheck swiftly suspended all withdrawals and deposits of NEM tokens and other cryptocurrencies.
  • January 27, 2018: Coincheck publicly confirmed the security breach, acknowledging the substantial loss of NEM tokens and pledging to compensate affected users.
  • Authorities and regulatory bodies initiated investigations into the incident, focusing on identifying the attackers and recovering the stolen funds.
  • Coincheck announced its intention to compensate affected users by repurchasing the stolen NEM tokens at a fixed rate, ensuring reimbursement for each user impacted by the hack.
  • March 12, 2019: Coincheck completed the reimbursement process, compensating affected users with Japanese yen in exchange for their lost NEM tokens.
  • March 11, 2022: Two individuals, one from Osaka Prefecture and the other from Hokkaido, were arrested by the police. The Osaka resident is accused of transacting 24 million NEM coins and potentially accessing approximately 200 accounts. Both detainees were arrested under the Punishment of Organized Crimes and Proceeds of Crime Control Act.

Security Failure Causes

The Coincheck hack exposed several security failures within the exchange’s infrastructure, including:

  • Inadequate hot wallet security: Coincheck lacked sufficient measures to secure their hot wallet, which enabled the attackers to gain unauthorized access.
  • Insufficient multi-signature authentication protocols: Coincheck’s authentication mechanisms were inadequate, allowing the hackers to exploit vulnerabilities and bypass authentication controls.
  • Lack of comprehensive risk management practices: Coincheck’s failure to implement robust risk management practices contributed to the success of the attack.