
What the $534M Coincheck Hack Taught Us All About Safe Storage of Digital Assets

The Coincheck hack, the biggest crypto heist in history at the time it occurred in 2018, was an eye-opener for many reasons, not least of which was the way the stolen assets were being stored.

Seasoned crypto enthusiasts and early adopters of the disruptive new technology know now that safely storing your digital assets is half the battle, but it wasn’t always so. Insufficiently secured storage was the norm for almost a decade after Bitcoin’s creation, with many people simply keeping their crypto on centralized exchanges, hot wallets, or even just USB sticks without any password protection.

With the $534M Coincheck hack in January of 2018, security and responsible self-custody of crypto assets quickly became a hot topic of discussion in the media and the crypto community.

You’ll see why.

The Full Story Behind the Coincheck Hack

Coincheck is today one of Japan’s largest crypto exchanges, still trading tens of millions of dollars worth of crypto each day, denominated in Japanese Yen (JPY). At the time of the Coincheck hack, it was the largest crypto exchange in Japan, and the attack represented the largest crypto heist of all time in terms of US dollar amount, surpassing the hack of another Japanese exchange, Mt. Gox. However, the exchange’s response to the Coincheck hack and its ability to reimburse the impacted customers meant that the exchange was able to continue operating and to grow.

The incident

At 17:57 UTC on Thursday, January 25th of 2018, an attacker gained access to one of Coincheck’s wallets. The wallet was holding the exchange’s entire supply of 523M NEM tokens (NEM was the 10th-largest cryptocurrency by market cap at the time).

Subsequent investigation revealed that the initial access to the wallet on an employee’s PC was achieved through email phishing: the attackers tricked an employee into downloading the “Mokes” and “Netwire” viruses, which allowed the attacker to gain unauthorized access to the exchange’s private keys. Given that both viruses are known to have been previously deployed by Russian hackers, an assumption is that the Coincheck hack was executed by a Russian organized crime group.

When the Coincheck hack occurred, the NEM tokens held by the exchange were valued at around 58 billion yen, worth around $534M at the time of detection. Worse, the tokens were in the custody of the exchange, but most of them actually belonged to the users who were holding or trading NEM tokens on the Coincheck platform.

The Coincheck hack went unnoticed for nearly 8 and a half hours, until at 02:25 UTC on Friday, January 25th, employees at Coincheck realized the wallet had been drained, thanks to complaints from users about failed transactions involving NEM tokens.
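A drain that is only noticed through user complaints is what an outflow monitor on the wallet is meant to prevent. The sketch below is an added example, not Coincheck's or Cryptosec's code: it flags any 10-minute window in which more than 5% of the wallet's balance leaves. The window, the threshold and the transfer records are constructed assumptions; only the 523M opening balance comes from the article.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_FRACTION = 0.05             # assumed: alert when >5% of the balance leaves per window

# Constructed outgoing transfers (UTC time, token amount); not the real transaction history.
SAMPLE_TRANSFERS = [
    ("2018-01-25T09:10:00", 12_000),       # routine customer withdrawal
    ("2018-01-25T13:42:00", 8_500),        # routine customer withdrawal
    ("2018-01-25T17:57:00", 10),           # small transfer, below any threshold
    ("2018-01-25T17:58:00", 100_000_000),
    ("2018-01-25T18:02:00", 100_000_000),
    ("2018-01-25T18:06:00", 223_000_000),
]

def detect_drain(opening_balance, transfers, window=WINDOW, max_fraction=MAX_FRACTION):
    """Return [(time, window_outflow, fraction)] for every transfer that pushes
    the outflow inside the sliding window above max_fraction of the balance the
    wallet held when that window opened. Transfers must be time-ordered."""
    recent = deque()      # (time, amount) pairs still inside the window
    window_sum = 0
    balance = opening_balance
    alerts = []
    for stamp, amount in transfers:
        t = datetime.fromisoformat(stamp)
        # Expire transfers that fell out of the look-back window.
        while recent and t - recent[0][0] > window:
            window_sum -= recent.popleft()[1]
        baseline = balance + window_sum   # balance before the window's transfers
        recent.append((t, amount))
        window_sum += amount
        balance -= amount
        if baseline > 0 and window_sum / baseline > max_fraction:
            alerts.append((t, window_sum, round(window_sum / baseline, 3)))
    return alerts

if __name__ == "__main__":
    for when, outflow, fraction in detect_drain(523_000_000, SAMPLE_TRANSFERS):
        print(f"{when:%H:%M} UTC ALERT: {outflow:,} tokens ({fraction:.1%}) left in 10 min")
```

On the constructed data the first alert fires on the first large transfer, while the routine withdrawals earlier in the day stay silent.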

How did the Coincheck hack attacker gain access?

The wallet that the tokens were being held in was a low-security “hot wallet”, some examples of which include Metamask and Phantom. These wallets are convenient for interacting with dApps (decentralized applications) online and storing cryptocurrencies or NFTs for easy access and use. However, they sacrifice security measures to achieve such convenience. Without 2FA (two-factor authentication) enabled, many hot wallets can be accessed with nothing more than the private key (or the 12-24 word seed phrase).

The Coincheck attacker used a phishing scam to install malware on an employee’s computer and obtain the private key to the hot wallet that was holding Coincheck’s NEM token liquidity pool, and was therefore able to access the wallet and drain it of all funds.

The aftermath

Shortly after the breach was identified, Coincheck disabled all withdrawals from the platform and immediately reported the incident to Japanese financial authorities and police. It was dubbed “the biggest theft in the history of the world” at the time, but that’s no longer the case thanks to subsequent thefts that have happened in the crypto industry, mostly in 2021-2022.

Besides the direct losses, as a result of the Coincheck hack, NEM, at the time the 10th-largest cryptocurrency by market value, fell 11% over a 24-hour period to 87 cents. Among the other cryptocurrencies, Bitcoin dropped 3.4% and Ripple retreated 9.9%.

Of course, this event started a widespread discussion about cybersecurity pertaining to blockchain technology and the safe storage of digital assets at the time. Multisig wallets (blockchain wallets that require multiple signees to perform any transaction) existed and were being used by Coincheck for some of their other assets at the time. Today it would be inconceivable for an exchange or cryptocurrency project to keep any funds in an unsecured hot wallet; it should be inconceivable for you as well.

Coincheck Returning Lost User Funds

Coincheck, still based in Tokyo’s Shibuya district (the same district which the now defunct Mt. Gox exchange once called home), has continued to operate and maintain its spot as one of Japan’s leading crypto exchanges.

In the end, 260,000 users were affected by the Coincheck hack. However, the exchange promised to return the funds using their own capital to all users who were in possession of NEM on the platform at 23:59:59 JST on Jan. 26, 2018.

They were praised for this move, as it was the exact opposite of how Mt. Gox responded to their 2014 attack, which was to declare bankruptcy and begin a long legal process for returning funds, a process which still hasn’t reached a conclusion in 2022.

Their reimbursement plan was effective from March 12, 2018, and they returned 90% of all funds to users according to the parameters outlined above.

Although the Coincheck hack shook the industry, it also made many crypto exchanges realize that they needed to improve their security and keep their customers’ assets safe. Coincheck set a great example by being able to compensate its customers for their losses after the hack.

Cryptosec is a leading provider of security solutions in the rapidly evolving world of blockchain, cryptocurrency, and DeFi. Their specialist investigations arm, Crypto Investigators, offers expert services in blockchain forensics and legal investigations, leveraging deep industry knowledge and advanced investigative techniques to navigate the complexities of the digital age.
