After Biggest Cryptocurrency Hack, Japan Says Exchanges Will Be Investigated For Security

Following the biggest cryptocurrency theft in history, Japan will investigate all exchanges of virtual currencies in the country for the security measures they employ against potential hackers. Japan’s Financial Services Authority (FSA) also ordered improvements at Coincheck, the exchange which was hacked Friday, prompting the investigations.

Japanese Finance Minister Taro Aso told reporters, following a cabinet meeting Tuesday: "It was a matter for great regret that illicit access caused a massive cryptocurrency outflow from Coincheck on Friday. The Financial Services Agency must appropriately monitor cryptocurrency traders to protect users. We will appropriately weigh the balance between promotion of innovation and protection of users in (supervising) cryptocurrency exchanges."

Within a span of about 20 minutes on Friday, hackers broke into the Coincheck system and stole NEM tokens worth over $530 million. The exchange announced Sunday it would reimburse all affected users — almost 260,000 of them — who were affected by the hack by putting back in their accounts the same number of tokens that were stolen, but at a lower value than at the time of the hack.

Coincheck was given till Feb. 13 to provide FSA with details of a plan to improve its risk management system, in order to prevent another hack in the future. The exchange was also being investigated by Tokyo police for any possible violations of the country’s laws on access to computers and computer networks.

An FSA spokesperson told reporters Monday that Coincheck had not investigated properly the main flaw in its security that led to the hack, or even fully considered steps it needed to take to ensure there isn't a repeat. Also on Monday, Aso told the budget committee of the Japanese Parliament’s lower house that the security setup at Coincheck "lacks basic knowledge and common sense."

As part of its survey of all Japanese cryptocurrency exchanges, FSA will specifically look into how these exchanges maintain the virtual currency accounts of their users. The accounts are usually either kept in virtual currency wallets that are called cold, because they are not connected to external networks, or they use multisignature security systems, which divide security keys for the accounts across multiple devices or users.

The system at Coincheck used neither of the two methods.

Japan introduced regulation for cryptocurrency exchanges in April 2017, requiring them to register with FSA. The country also accepts virtual currencies as a valid method of payment, but the law still does not hold them at par with actual currencies. Both the FSA and Aso have said they don’t want to stifle innovation with heavy regulation of the digital currency industry, but striking a balance with protecting users is clearly a tough job.

Before the Coincheck hack, the dubious distinction for the world’s largest cryptocurrency theft was also held by a Japanese exchange. In 2014, Mt. Gox lost about $460 million worth of bitcoin, and was forced to close down soon after.