SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Coincheck promises £380m refund after massive cryptocurrency breach
Tue, 30th Jan 2018

Tokyo-based cryptocurrency company Coincheck announced on Sunday that it would refund around £380 million of the virtual money that was recently stolen from it.

This amounts to almost 90 percent of the 58 billion yen worth of NEM coins the company lost from its roughly 260,000 customers.

CEO of web security company High-Tech Bridge Ilia Kolochenko says both the breach and Coincheck's actions afterwards are groundbreaking.

“This case is undoubtedly the largest breach in the foggy realm of crypto-currencies,” says Kolochenko.

“Nonetheless, I would certainly refrain from panic: Coincheck's announcement to compensate the victims of the breach is laudable and boosts trust towards digital currencies.”

Coincheck discovered the attack on Friday last week and was forced to suspend withdrawals of all cryptocurrencies except bitcoin.

The company held a press conference late on Friday and disclosed that its NEM coins were stored in a ‘hot wallet’ as opposed to the more secure ‘cold wallet’ outside the Internet.

When asked why, Coincheck president Koichiro Wada pointed to technical difficulties and a lack of sufficient staff capable of dealing with them.

“Incident detection in eight hours is also comparatively good timing: many large companies detect similar incidents in a few months. We can clearly see the difference between amateurs operating Mt. Gox in 2014, and well-prepared professionals behind Coincheck,” says Kolochenko.

“It is unclear how the breach took place, but I would not exclude insider activities or at least an accomplice. Hopefully, a technical investigation will shed some light on the incident.”

Kolochenko says the steady growth and wider adoption of digital coins continuously increases their attractiveness for cybercriminals.

“Unlike fraudulent bank or PayPal transactions, theft of digital coins is very difficult to trace and virtually impossible to revert,” Kolochenko says.

“Despite persistent lack of qualified personnel and insufficient governmental funding, law enforcement agencies managed to build decent teams and effective processes to detect, investigate and prosecute theft from bank accounts.”

And in spite of the recent and growing spate of attacks involving cryptocurrencies, Kolochenko says proper investigation of incidents is still nascent in most countries.

“Lack of regulation, opaque ownership and decentralization make digital coins a low-hanging fruit for cyber gangs who can easily grow their profits without increasing their efforts. I would expect many similar incidents in 2018, unfortunately,” Kolochenko concludes.