A cryptocurrency exchange in Japan is coming under government scrutiny after it said hackers stole $530 million from its users.
The exchange, Coincheck, has promised to partially refund the 260,000 cryptocurrency investors affected by the theft, although it didn’t say when it would do so or where it’s getting the money from.
The hacking at Coincheck, which bills itself on its website as “the leading bitcoin and cryptocurrency exchange in Asia,” came to light over the weekend. If confirmed, it’s expected to rank as the biggest such theft on record, eclipsing the estimated $400 million in bitcoin stolen from Mt Gox in 2014.
Coincheck said the hackers stole customer deposits of NEM, a less well known digital currency.
The exchange promised to use cash from its own funds to pay out ¥46.3 billion ($426 million) toward covering its users’ losses. That’s about 20% less than the total value of the virtual tokens that were stolen.
Coincheck said in a blog post that the hack “has caused immense distress to our customers, other exchanges, and people throughout the cryptocurrency industry.”
“We would like to offer our deepest and humblest apologies to all of those involved,” the exchange said. It has currently suspended trading in all virtual currencies apart from bitcoin.
The price of NEM plunged almost 20% after the theft came to light over the weekend, but it has since recovered those losses.
Coincheck didn’t respond to repeated requests for comment on how exactly it will fund the customer refunds.
A Japanese government spokesman said Monday that Coincheck would be asked to improve its business practices following the hack. Financial authorities are supervising the company’s response to the theft, he said.
The Coincheck hack is the latest in a series of attacks targeting digital currency exchanges. Cybercriminals have been taking advantage of security weaknesses at young, often unregulated businesses that are handling huge sums of other people’s money.
“Large scale hacks are among the biggest risks faced today by the global crypto community,” said Henri Arslanian, a financial technology expert at consulting firm PwC in Hong Kong.
Mt Gox, also based in Japan, was the world’s biggest cryptocurrency exchange when hackers broke in and stole an estimated $400 million worth of bitcoin almost four years ago. Mt Gox went bankrupt shortly afterward and affected users still haven’t been compensated.
The meteoric rise in the value of bitcoin and other cryptocurrencies over the past year or so appears to have intensified interest from thieves.
Last month, South Korean bitcoin exchange Youbit filed for bankruptcy after being targeted by cybercriminals twice in the space of a few months.
In a separate incident last month, hackers made off with more than $70 million worth of bitcoin from NiceHash, a digital currency trading platform based in Slovenia.
Many exchanges have grown very quickly as trading has taken off but haven’t focused on improving cybersecurity, Arslanian said.
That situation has created difficult questions for national governments on how to regulate the industry.
Some countries have taken a tough approach. China has tried to effectively ban trading in bitcoin.
Japan has taken a lighter touch. Last year, the government officially recognized bitcoin as a form of currency and started licensing exchanges.
But because Coincheck was already in business before the new rules came into effect, it wasn’t yet registered with authorities.
— Yoko Wakatsuki contributed to this report.
CNNMoney (Hong Kong) First published January 29, 2018: 3:36 AM ET