Following a massive cyber heist last week that saw hackers steal $530 million of digital money from the Tokyo-based exchange Coincheck, Japanese authorities have said they would investigate all crypto-currency exchanges in the country for security vulnerabilities.
In addition, the Financial Services Agency (FSA) yesterday ordered Coincheck to up its security game, and make improvements to its operations.
The breach, understood to be the largest cyber heist in history, affected around 260 000 customers of the exchange. On Friday, the exchange suspended trading in all crypto-currencies with the exception of Bitcoin, after attackers made off with 58 billion yen ($534 million) of NEM coins, including several of the most popular digital currencies in the world.
NEM is a peer-to-peer crypto-currency and blockchain platform unveiled in March 2015.
Over the weekend, Coincheck committed to returning almost 90% of the 58bn yen worth of coins lost in the heist, but didn't go into detail on how or when.
Boosting trust
Ilia Kolochenko, CEO of Web security company High-Tech Bridge, says although this case is undoubtedly the largest breach in the foggy realm of crypto-currencies, he wouldn't panic. "Coincheck's promise to compensate the victims of the breach is laudable and boosts trust towards digital currencies."
He adds that incident detection within eight hours is also relatively good timing - many large companies take several months to detect similar incidents. "We can clearly see the difference between amateurs operating Mt Gox in 2014, and well-prepared professionals behind Coincheck. It is unclear how the breach took place, but I would not exclude insider activities or at least an accomplice. Hopefully, a technical investigation will shed some light on the incident."
Impossible to revert
Kolochenko adds that the steady growth and increasingly widespread adoption of digital coins makes them more attractive to cyber criminals. "Unlike fraudulent bank or PayPal transactions, theft of digital coins is very difficult to trace and virtually impossible to revert. Despite persistent lack of qualified personnel and insufficient governmental funding, law enforcement agencies managed to build decent teams and effective processes to detect, investigate and prosecute theft from bank accounts."
Unfortunately, he says proper and thorough investigation of incidents involving crypto-currencies is still nascent in most countries. There's a lack of regulation, opaque ownership and decentralisation which makes digital coins a soft target for cyber criminal organisations who can easily boost their profits without increasing their efforts.
"I would expect many similar incidents in 2018, unfortunately."
Share