The more than $500 million cryptocurrency heist at a major Japanese exchange last week is unlikely to be the last such hack, according to a Wall Street analyst.
“I think [the attack] does highlight the fact that the industry still has a long way to go in terms of basic issues of security,” Nicholas Colas, co-founder of DataTrek Research, told CNBC’s “Squawk Box” on Monday.
“This is certainly not the first, nor will it be the last, such hack attack on cryptocurrencies and, all things considered, I think they’re taking it fairly well in terms of price,” Colas added.
His comments came after Japanese exchange Coincheck announced Friday that around 523 million of its NEM coins had been directed to another account. Those coins were reportedly worth approximately 58 billion yen ($534.8 million) when the hack was detected.
The exchange later said in a blog post on Sunday that it would be making reparations to roughly 260,000 affected users, adding that it offered its apologies for the “immense distress” caused to customers following the hack. Around 46.3 billion yen ($425 million) will be returned in total, although Coincheck said the method and period of reparation had yet to be decided.
Coincheck management said in a press conference last week that it held the NEM coins in a “hot” wallet, referring to a method of storage that is linked to the internet — a method that was “not industry standard,” according to Colas.
“Keeping 100 percent of your crypto assets online is a bad idea for an institution, or frankly, for an individual who has a large amount invested in it as well,” he said.
As for who the hackers could be, the analyst ventured that a group — rather than an individual — was more likely to be responsible.
“The typical hackers in cryptos have been organized groups [as opposed to] lone attackers. Because, obviously, once you get the coin, you’ve got to figure out how to atomize it and monetize it in some way and that’s a bigger challenge than typically one person can do,” Colas explained.
In the latest development in the saga, Japanese financial regulators on Monday indicated that they had plans to enforce “administrative punishment” against Coincheck following the massive hack, Reuters reported.
Local news agency Kyodo reported Monday afternoon that the Tokyo Metropolitan Police intended to carry out voluntary questioning of those associated with the exchange.
— CNBC’s Evelyn Cheng contributed to this report.