Hacked Japanese exchange Coincheck is getting ready to start compensating its customers next week as it plans to resume operations. The exchange has been slapped with two business improvement orders so far by Japan’s financial regulator and may stop trading some cryptocurrencies for safety reasons.
Repayment Beginning Next Week
Major Japanese cryptocurrency exchange Coincheck announced on Thursday that it will start compensating customers next week, according to Nikkei. The exchange was hacked on January 26 and lost approximately 58 billion yen (~USD$550 million) worth of the cryptocurrency NEM, held by approximately 260,000 customers. The incident forced the company to suspend nearly all of its services.
Coincheck’s repayment plan revealed on Thursday is in line with the company’s announcement in February, according to COO Yusuke Otsuka. The exchange has promised to repay victims 88.549 yen for each of the NEM coins stolen, which is a total of 46 billion yen. However, some are criticizing this decision, demanding compensation of the full amount at the time of the hack.
The exchange is also repaying victims in Japanese yen, rather than in cryptocurrency, adding that the funds will appear in customers’ accounts starting next week. Meanwhile, multiple lawsuits have already been filed against the company by victims for the return of their cryptocurrencies.
Method of Attack
The investigation by the Japan Exchange Group (NEC) and five financial security companies revealed that “the cause of the leakage is seen as a malware infection via email to employee PCs,” Oricon reported. Multiple Coincheck employees received the malware-laced email, Otsuka described. Once an infected link was clicked, the virus spread, leading to the NEM theft, Nikkei explained.
However, the COO cannot reveal whether the email originated from overseas or within Japan. “I am under investigation and I cannot reveal it,” the news outlet quoted him saying. Emphasizing that cryptocurrencies will be stored in cold wallets going forward, he detailed:
In order to prevent re-attacks, we reconstructed our internal network, [which is] constantly monitored…restructured servers in new environments, and fully replaced business PCs.
FSA’s Improvement Orders
Following the hack, the Japanese Financial Services Agency (FSA) immediately summoned Coincheck to explain the situation and slapped the exchange with a business improvement order. Then on Thursday, the agency handed the exchange another improvement order, as it punished six other exchange operators with inadequate customer protection measures.
“We will undertake a fundamental review of the management system in response to the second improvement order, examine the contents and report it” the Sankei Shimbun quoted Otsuka saying in a press conference. Furthermore, he emphasized, “We believe that we can continue the service.”
Otsuka added that “From the second half of last year the price of the entire virtual currency [market] soared, the number of users increased, and our business expanded.” CEO Koichiro Wada admitted:
Personnel was not enough for [securing our] system…I tried to expand by utilizing recruiters and introduction companies, but it led to a case like this [hack].
Furthermore, the exchange plans to resume operation next week, Nikkei reported, elaborating that “Coincheck gradually will resume trading for those digital currencies it has deemed safe and may stop handling cryptocurrencies with a high degree of anonymity.”
What do you think of Coincheck’s plan to compensate victims and its business decisions going forward? Let us know in the comments section below.