The coins were stolen via several unauthorized transactions from a hot wallet at 3:00 am local time on Friday, Jan. 26.
Following the hack, the Coincheck exchange has hosted a press conference, live streamed by the Niconico platform, to provide the details of what has happened and what’s coming next.
NEM stored on hot wallet, private key stolen
According to the exchange’s representatives, the hackers have managed to steal the private key for the hot wallet where NEM coins were stored, enabling them to drain the funds.
All the stolen money belonged to the customers of the exchange. The ‘inappropriate’ movement of the funds was reported by Coincheck to Japan’s Financial Services Agency, as well as the police later on the same day.
Shortly after the breach, the company halted all withdrawals from the site, hoping to stop any further damage to its funds. When asked whether they will begin allowing “at least” fiat currency withdrawals soon, Coincheck replied that that will be done after they have determined the best way to proceed.
It has come to light that the funds were being stored on a simple hot wallet rather than a much more secure multisig wallet.
Coincheck’s representatives have claimed that the security setup differs between various coins on the exchange.
Other cryptocurrencies on the site are currently stored in multisig wallets, but the NEM was not. When pressed by the media, the company insisted that “security standards were not low,” however the lack of multisig protection for NEM may indicate the opposite.
The company made clear that they use various wallet types for housing different assets. Specifically, Bitcoin and Ether are stored in cold storage wallets, with Bitcoin additionally having a multisig address. Ether, “given its nature,” is not stored on a multisig wallet.
According to their statement, more than half of Coincheck’s 80 permanent employees work on security systems.
What comes next?
Going forward, Coincheck claimed that it knows the address where the stolen NEM is currently being stored by the hackers, and is hoping to be able to track the culprits.
While the company cannot currently disclose how many users were affected, they have expressed a desire to refund all the money that was lost.
When asked whether they are going to resume operations or will have to declare bankruptcy, Coincheck said that ‘in principle’ they plan to keep operating.
While the exchange has expressed a desire to refund all lost funds, they nevertheless are still considering how to approach the situation. Per the press conference, the “worst-case scenario” would be that the funds can never be returned.
When asked whether they have any words for the customers, Coincheck representatives have said that they “deeply regret” what happened.