One Week Later: Update on the CoinCheck hack

January 26th marked the date when CoinCheck, a top-performing Japanese cryptocurrency exchange, publicly shared that they had been hacked. Soon afterwards, reports said that Ripple and XEM were stolen, but the former was dismissed once additional information showed that the Ripple tokens had been taken out of the exchange as a precaution.

This is a follow up from a previous article, and we suggest reading that first if this is the first time you are hearing about the theft.

At the time of writing the official website of the cryptocurrency exchange hosts an apology to all of their clients, other exchanges and everyone affected by the hack. No apologies are given for security malpractices which you will be able to read about below.

Security Malpractice

This is the apologetic message you can find on the official website of CoinCheck at the time of writing.

Information transpired that the famous exchange did not apply any of the well-conceived security solutions that are unique to cryptocurrencies. Specifically, we are talking about multi-signature accounts and cold wallets.

They implemented neither, but either one of them could have prevented this catastrophe. As a reminder, over $500 million worth of cryptocurrency (at the time) was stolen from their accounts due to a failure to acknowledge proper security methodology.

With their lack of foresight and ability to properly protect themselves and their clients, they have jeopardized their position on the Japanese markets and caused significant damage to the livelihood of many individuals.

The Stolen XEM

One way for the hacker to “launder” the XEM tokens would be to generate thousands of paper wallets containing a fraction of the stolen amount and to blend in with people withdrawing their newly found paper wallets.

The NEM Foundation has already created a tracking tool for the missing 526 million XEM that were stolen in the hack last Friday. This tool will enable exchanges and various exchange apps to track incoming NEM deposits to their platform and, through an API connection to the tool, produce cross-referenced results that reveal whether the sending address contains stolen currency.

The addresses are blacklisted and exchanges have said that they will not accept any deposits from these addresses. Additionally, exchange tools such as ShapeShift.io have also expressed their intention to ban these addresses from the system.
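The cross-referencing idea described above, sketched as an added example; it is not the NEM Foundation's tool or its API. The addresses and amounts are constructed placeholders, and the proportional taint model and the `max_share` threshold are assumptions made for illustration.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample data: placeholder labels, not real NEM addresses or amounts.
SEED = {"THIEF": 1000}                 # address that received the stolen XEM
LEDGER = [                             # (sender, recipient, amount), oldest first
    ("THIEF", "W1", 400),              # the stolen amount is split up...
    ("THIEF", "W2", 600),
    ("W1", "W1a", 400),                # ...and forwarded again
    ("ALICE", "BOB", 50),              # unrelated transfer
    ("CAROL", "MERCHANT", 990),        # clean income
    ("W2", "MERCHANT", 10),            # small tainted payment to a busy address
]

def trace_taint(seed, ledger):
    """Replay transfers in order; return {address: peak share of stolen funds held}."""
    balance = defaultdict(Fraction)
    tainted = defaultdict(Fraction)
    peak = defaultdict(Fraction)
    for addr, amount in seed.items():
        balance[addr] = tainted[addr] = Fraction(amount)
        peak[addr] = Fraction(1)
    for sender, recipient, amount in ledger:
        amount = Fraction(amount)
        if amount <= 0:
            continue
        # Assumption: a sender with no recorded history spends clean funds.
        held = max(balance[sender], amount)
        moved = amount * tainted[sender] / held   # taint leaves proportionally
        balance[sender] = held - amount
        tainted[sender] -= moved
        balance[recipient] += amount
        tainted[recipient] += moved
        share = tainted[recipient] / balance[recipient]
        peak[recipient] = max(peak[recipient], share)  # stays flagged after forwarding
    return dict(peak)

def screen_deposit(peak, sender, max_share=Fraction(0)):
    """Reject a deposit if its sender ever held more than max_share stolen funds."""
    return "reject" if peak.get(sender, Fraction(0)) > max_share else "accept"

if __name__ == "__main__":
    peak = trace_taint(SEED, LEDGER)
    for addr in ("THIEF", "W1", "W1a", "MERCHANT", "BOB"):
        print(addr, peak.get(addr, 0), screen_deposit(peak, addr))
```

With `max_share` left at zero, every address that ever touched the stolen funds is rejected, which matches a strict blacklist; a non-zero threshold lets a platform avoid blocking a busy address over a small tainted payment.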

The great benefit of public ledgers is that regardless of the fact that the currency got stolen, there is a high chance that the hacker will not be able to retrieve any value contained in the stolen amount.

Premature Warning

The exchange received a warning of possible cyber attacks months before this event, yet they failed to appreciate it and improve security based on this.

According to Japan Times, the FSA issued a warning to CoinCheck about this security hole, i.e. the fact that they were keeping funds in a hot wallet. Failure to respond to this warning, which was received last September, can result in administrative fines paid by CoinCheck.

The warning caught up with CoinCheck on the 26th of January, when their vulnerability was exploited, which caused the loss of ¥58 billion.

Promise to return stolen funds

The hands of CoinCheck’s hurt customers expecting their money back after the company promised to refund 90% of the stolen funds.
Photo by Kira auf der Heide

CoinCheck took only two days after the hack to promise a full return of the stolen funds on the platform, totaling about ¥46 billion, i.e. ~$420 million USD.

While that is not the full amount, sitting at approximately 90%, it is still good enough to solicit encouragement.

They plan to repay using the company’s accounts and directly in Japanese Yen (¥). This is a good sign, and it is possible if the FSA allows CoinCheck to continue operations after this crisis has settled down.

Business Improvement Order

The FSA hits CoinCheck with a Business Improvement Order, which is stronger than the previous warnings they issued. CoinCheck has no option except to comply and implement improved security measures.

As a response to mitigate any additional damage, the Financial Services Agency (FSA) raided the CoinCheck offices and confiscated computers, hard-drives and paperwork, while at the same time presenting a Business Improvement Order to the CEO of CoinCheck.

Found on their website, the Business Improvement Order reads that the company must:

  1. Investigate the fact and causes of the case.
  2. Provide proper support for their customers.
  3. Take steps to strengthen current security measures.
  4. Create a clear, easy-to-understand risk management and prevention guideline, together with new measures on how to respond to similar events and an explanation of who is responsible for what.
  5. Provide a written report, i.e. a plan covering items 1-4 on this list, by Tuesday, February 13th, 2018.

They seem to be very inclined to recover, making strong statements about the possibility of upgrading their systems and security protocols.

Considering they haven’t been implementing the available and generally expected security measures, we are certain that they are not going to have much difficulty reaching a new standard of safety for their platform.

Conclusion

The entire event could have been avoided by implementing proper security measures. CoinCheck to reimburse customers. FSA charges CoinCheck with a Business Improvement Order requesting a full report by 13th of February. Photo by Daria Nepriakhina

Regardless of the large amount of funds that have been stolen, this is just a taste of what could have happened had the entire exchange been liquidated into the hacker’s accounts.

Fortunately, the CoinCheck team was fast enough to respond and contain this only to NEM tokens. My belief is strong that the management team of CoinCheck is honest and cares about the interests of their customers, and I am looking forward to seeing them hop back on their feet, safer than ever.

This event will be a small lesson learned that will protect the exchange for years to come in this growing cryptocurrency market, should they survive this catastrophe…

One very important side to this story is the fact that not having multisig leaves the exchange vulnerable to “inside man” attacks, which the company currently claims with certainty was not the case.

How they can evaluate that situation is beyond me, because the hacker might as well hide in plain sight, as one of the technicians attempting to resolve the case. None of this would be possible if multisig was implemented, regardless of the fact that NEM was held in a hot wallet.

We are looking forward to the 13th of February where we expect CoinCheck to publicly produce a plan to the FSA as to how they will approach the issue and what kind of measures they will take to reimburse hurt customers, improve security, and implement new risk and responsibility management policies.

We expect their report to contain a method of repaying customers, as well as a date when this process would be finalized, together with plans to strengthen security and improve on company policy on funds management.
