Last Friday, Kyodo News reports, Japan’s Financial Services Agency announced a probe into a further 15 cryptocurrency companies still undergoing government registration in order to assess customer protection systems after Coincheck Inc. reported the largest theft of NEM coins in history.
The financial services watchdog swooped down on Coincheck days after a hacking attack saw 580 billion yen ($540 million) worth of NEM coins illicitly siphoned out in a breach of security affecting 260,000 investors — almost all of Coincheck’s members.
On January 26, in the early hours of the morning, 523 million NEM coins worth approximately one dollar each were scammed from Coincheck. It comes as a major blow to Japan, one of the first countries that has sought to implement innovative cryptocurrency regulation since the Mt. Gox bitcoin theft in Japan unfolded in 2014. During this earlier hacking scandal 850,000 bitcoins went missing worth $450,000 and the money has not been recovered since.
While grappling with the unprecedented cryptocurrency heist, the Financial Services Agency is also reeling from having developed a leading regulatory framework that has gone wrong overnight. At a cabinet press conference, Finance Minister Taro Aso vowed to inspect all virtual currency firms undergoing mid-registration by launching an on-site investigation plan. He said it was pivotal to “securing customer protection and trust.” The inspection will assess whether proper risk management systems are being prioritized while authorities also analyze the contents of firms’ security reports. At the top of the list are five preregistered virtual currency exchangers, which have already been notified of impending inspections. Financial Services will start making the rounds to the remaining 11 firms in turn.
Despite regulations introduced in April last year that legally require all virtual currency operators to be registered, Japan has come under scrutiny for turning a blind eye to rampant misconduct. With many companies predating regulation, in order to prevent disruptions to consumers Japanese authorities have allowed a transitional period. As a result, of the 32 virtual currency exchangers operating in Japan, 16 have been verified and approved by the Financial Services Agency; the remaining 16 are still operating pending approval and verification. They are considered “preregistered” and will continue business as usual under the nose of regulators until they satisfactorily adjust company practices with new government rules.
Established in 2012, Coincheck has been left to pick up the pieces of a once promising company, which boasted accolades on the company homepage of being a leading cryptocurrency provider in Asia. The Tokyo-based start-up is in hot water with not only investors but also the National Police Agency since it was revealed they failed to follow basic security steps essential for government approval. Although Coincheck hasn’t revealed precisely how the money was stolen, they ruled out the possibility of an inside job. What we know so far is that, while common industry practice encourages virtual currency exchangers to keep customer deposits in “cold” accounts not accessible online, Coincheck instead kept customer assets in “hot wallets” on an online server, making it vulnerable to hacking.
In addition to a government inspection in the first week of February and a suspension of operations for close to two weeks, Coincheck submitted a business improvement proposal to the Financial Services Agency and National Police Agency on February 13 outlining the facts and causes that led to unauthorized access. Financial Services inspectors are currently ascertaining whether Coincheck is in a financial position to reimburse customers in line with their promises so far.
To make matters worse, Coincheck has been slapped with a group lawsuit launched by investors and in recent weeks they have come under fire for malpractice, poor organizational culture, and reports of poor customer service. Coincheck executive Yusuke Otsuka told reporters they are “taking it step by step,” according to Kyodo News. While promising to compensate all victims for their losses, albeit at a lower exchange rate, company executives haven’t explained concretely how or when they intend to do so. While other digital currencies like as Bitcoin are making gains, the NEM price has been declining steadily.
With the help of a Singapore NEM cryptocurrency firm, the stolen coins have been tagged and tainted, making it easier to track once the thieves attempt to transfer their ill-gotten coins into currency by officially recognized avenues. The stolen NEM coins have been traced back to 11 different addresses but at this stage the perpetrator cannot be identified.