Coincheck NEM Token Hack

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 13:43, 10 May 2024 by Azoundria (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

The hack was carried out through the NEM (XEM) token which was stored entirely in hot wallets. This was the largest theft in fiat dollars, surpassing Mt. Gox, and affected 260,000 traders.

This exchange or platform is based in Japan, or the incident targeted people primarily in Japan.[1][2][3][4][5][6][7][8][9][10][11][12][13][14]

About CoinCheck

“This year started with one of the biggest crypto heists ever. Around 500 million XEM coins (native cryptocurrency of the NEM project) were stolen from the hot wallet of Tokyo-based crypto exchange Coincheck.” “In the spring of 2018, hackers infected the computers of Coincheck employees with a virus which allowed them to commit one of the largest thefts in the cryptocurrency world. More than $548 million of NEMs were stolen due to the cyber attack. Electronic security experts found that the virus penetrated the system through an infected e-mail message which was opened by one of the exchange employees.”

"The Coincheck hack is the latest in a series of attacks targeting digital currency exchanges. Cybercriminals have been taking advantage of security weaknesses at young, often unregulated businesses that are handling huge sums of other people's money." “In a press conference hosted soon after the hack, Coincheck provided the details of the attack, stating that the attackers succeeded because the stolen NEM was stored in a hot wallet. The hackers managed to steal the private keys for the wallet, successfully draining the funds into their own wallets.” “The platform announced a reimbursement plan in March after facing class action suits and intense probing by Japan’s Financial Services Agency. At the time, Coincheck said it lacked staff experienced in conducting internal checks, and performing management and security risk assessments.” “Coincheck’s misadventures led to its acquisition by Monex Inc., a Japanese financial services group in April 2018. Monex was interested to increase the company’s international outreach. It took ten months for the dust to settle, but Coincheck has now resumed its trading services.”

"On August 19, 2020, the Tokyo District Court issued an order of seizure for a portion of misappropriated funds that were stolen from the Tokyo-based crypto exchange Coincheck. The value of XEM tokens has dropped by 93% [since the original hack]. The original sum is now estimated to be worth around $39 million. Reportedly, the court issued an order of seizure from Takayoshi Doi, an Obihiro City doctor. Doi is not suspected of being involved in the 2018 hack; however, he was charged for his purchase of XEM originating from the hack. This action marked the first time that a Japanese court ordered the seizure of cryptocurrency. The funds in question amount to roughly 4.8 million yen ($45,000) in both XEM and bitcoin. Doi is expected to keep the funds safe until an official verdict is handed down"

This exchange or platform is based in Japan, or the incident targeted people primarily in Japan.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Coincheck NEM Token Hack
Date Event Description
January 1st, 2018 12:00:56 AM MST Main Event Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost has been estimated at $530,000,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

Coming soon.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Coincheck Has Now Reinstated All Cryptos After January Hack - CoinDesk (Feb 6, 2020)
  2. Coincheck (Feb 6, 2020)
  3. Latest News on Coincheck | Cointelegraph (Feb 6, 2020)
  4. 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25, 2020)
  5. From Coincheck to Bithumb: 2018’s Largest Security Breaches So Far (Feb 23, 2020)
  6. Lessons Learned from the Biggest Crypto Hacks in History (Feb 26, 2020)
  7. The Biggest Cryptocurrency Hacks of 2018 (A Year in Which $1 Billion Crypto Was Stolen) (Feb 26, 2020)
  8. A Look Back on Some of the Most Devastating Crypto Hacks | Fintech Singapore (Feb 27, 2020)
  9. Crypto Exchange Hacks in Review: Proactive Steps and Expert Advice (Mar 2, 2020)
  10. Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5, 2020)
  11. The Wild West Of Crypto Hacks In One Graph (Mar 14, 2020)
  12. CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020 (Jun 20, 2021)
  13. SlowMist Hacked - SlowMist Zone (Jun 26, 2021)
  14. Timeline of Cyber Incidents Involving Financial Institutions - Carnegie Endowment for International Peace (Dec 12, 2022)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Coincheck_NEM_Token_Hack&oldid=5773"