Coincheck Starts Refunding Its Hack Victims, Allows Partial Trading For Now

12. Mar 2018 Posted by Akolkar B on News

It looks like things are slowly coming back to normalcy for the Japanese cryptocurrency exchange Coincheck. Earlier this year on January 26th, Coincheck reported one of the biggest crypto hacks in the history where customer funds worth $500 million were stolen in NEM tokens. Soon following the news, Coincheck had suspended all its operations and was under the tight scrutiny and observation of Japan’s financial watchdog - The Financial Service Agency (FSA).

However, as promised by the exchange earlier, it has started to reimburse all those customers who were the victim of the hack. In an official blog post dated today, March 12, the exchange said that it has refunded all the customers at the rate of 88.549 Japanese yen (or $0.83) per NEM token stolen. The compensation plan and amount of $420 million were fixed last month itself in consultation with the FSA.

Moreover, the cryptocurrency exchange also announced that it is again restarting withdrawals for its customers for the following currencies:  Ethereum (ETH), Ethereum Classic (ETC), Ripple (XRP), Litecoin (LTC), Bitcoin Cash (BCH), Bitcoin (BTC). Although the BTC sales were never paused, the exchange has now resumed sales for other altcoins as well.

On the resumption of its service of crypto sales, the exchange its business improvement order: We will solemnly and seriously take the measures we take carefully and will deeply reflect on ourselves and will drastically review our internal control system and management control system and will review the management strategy that thoroughly protects customers.”

The hackers managed to breach through the exchange’s security system which was a low-security hot wallet. As the hackers got access to the private keys, they could easily move funds out of the customer accounts.

According to the latest report released by local news outlet Nikkei Asian Review on March 12, Coincheck’s security system was compromised weeks before the theft took place. An anonymous source close to the police investigation said that hackers had initially sent phishing emails to Coincheck employees in early January. The emails contained links which when clicked by the employees injected the virus into their computer.

As a result, the hackers were able to get access to a large number of accounts holding NEM tokens. Moreover, prior to the theft, the exchange also did not have proper tools to identify the communications between itself and other external hackers.

FSA has asked the exchange to submit a report on March 22nd showing its progress in implementing the necessary security measures to prevent any such events in the future.