This most recent hacking heist sends an important message to investors with cryptocurrency exchange accounts: If you don’t secure your cryptocurrency via cold storage, your investment may be vulnerable.
The Japanese cryptocurrency exchange Coincheck has shut down trading and withdrawals from accounts after a reported theft of more than 500 million XEM—the blockchain-based cryptocurrency created by the NEM Foundation. Coincheck announced the shutdown of NEM deposits at about noon Japan Standard Time Friday (10:00pm Eastern Time on Thursday).
The 500 million XEM, worth approximately $400 million US at the time of the theft, were sent outside Coincheck’s venue. On Friday police were reportedly at Coincheck’s offices, and Japan’s Financial Services Agency is looking into the situation. Coincheck is reportedly still trying to determine the nature of the attack.
Other cryptocurrencies were not impacted.
According to the BBC:
Hackers broke in at 02:57 (17:57 GMT) on Friday, the company said in a statement, but the breach was not discovered until 11:25, nearly eight and a half hours later.
Coincheck is ranked as the fourth largest cryptocurrency exchange in Japanese trading by market share on CryptoCompare.
CNBC reports that: “Coincheck said that around 523 million of the exchange's NEM coins were sent to another account around 3 a.m. local time (1 p.m. ET Thursday), according to a Google translate of a Japanese transcript of the Friday press conference from Logmi.”
This theft outranks the previous hack of the Tokyo cryptocurrency exchange, MtGox.
In 2014, MtGox, the largest exchange at the time, revealed that some 850,000 Bitcoin, valued at $470 million, had been stolen, a trauma that hit early cryptocurrency investors.
Lon Wong, the president of the NEM Foundation, was quoted by Sead Fadilpašić and Stuart Garlick of Cryptonews.com as saying about the Coincheck hack, “This is the biggest theft in the history of the world.”
Coincheck management says it held the NEM coins in a "hot" wallet, which refers to a method of storage that is linked to the internet. A lack of multi-sig wallets, in which multiple keys are needed to authorize a transaction, is cited by security analysts as one of the vulnerabilities that facilitated the hack.
Cryptonews reports that Wong said NEM’s technology was not responsible and that Coincheck did not implement NEM’s multi-signature smart contract, “and that's why they could have been hacked. They were very relaxed with their security measures.” It is not clear if there was actually a “hack” at this point.
As tweeted by Joseph Young, Finance and Cryptocurrency Analyst writer at Hacked:
Security flaws and hacks have been a major concern for investors of the Bitcoin and cryptocurrency community, with such thefts at times warding off potential investors.
It’s important to keep your cryptocurrency in a cold-storage vault. If you don’t secure your cryptocurrency in a cold-storage solution, your investment is vulnerable to hot wallet hacks. Store your digital assets such as BTC, ETH, or LTC away from exchanges and hosted wallets.
The message we in information security have for you is simple: If you wouldn’t think of leaving your favorite Häagen-Dazs out on the counter, why would you leave your precious investments in a hot wallet? Keep your ice cream and your cryptocoins in cold storage.
Disclosure: Dunvegan is a CISSP with over 25 years’ experience in information security. Clients have included both major US stock exchanges, energy trading floors, banks, and international fiduciary entities.