
Coincheck promises £380m refund after massive cryptocurrency breach

30 Jan 18

Tokyo-based cryptocurrency company Coincheck announced on Sunday that it would refund around £380 million of the virtual money that was recently stolen from it.

This amounts to almost 90 percent of the 58 billion yen worth of NEM coins the company lost from its roughly 260,000 customers.

CEO of web security company High-Tech Bridge Ilia Kolochenko says both the breach and Coincheck’s actions afterwards are groundbreaking.

“This case is undoubtedly the largest breach in the foggy realm of crypto-currencies,” says Kolochenko.

“Nonetheless, I would certainly refrain from panic: Coincheck's announcement to compensate the victims of the breach is laudable and boosts trust towards digital currencies.”

Coincheck discovered the attack on Friday last week and was forced to suspend withdrawals of all cryptocurrencies except bitcoin.

The company held a press conference late on Friday and disclosed that its NEM coins were stored in a ‘hot wallet’ as opposed to the more secure ‘cold wallet’ kept off the Internet.

When asked why, Coincheck president Koichiro Wada pointed to technical difficulties and a lack of sufficient staff capable of dealing with them.

“Incident detection in eight hours is also comparatively good timing: many large companies detect similar incidents in a few months. We can clearly see the difference between amateurs operating Mt. Gox in 2014, and well-prepared professionals behind Coincheck,” says Kolochenko.

“It is unclear how the breach took place, but I would not exclude insider activities or at least an accomplice. Hopefully, a technical investigation will shed some light on the incident.”

Kolochenko says the steady growth and wider adoption of digital coins continuously increase their attractiveness for cybercriminals.

“Unlike fraudulent bank or PayPal transactions, theft of digital coins is very difficult to trace and virtually impossible to revert,” Kolochenko says.

“Despite persistent lack of qualified personnel and insufficient governmental funding, law enforcement agencies managed to build decent teams and effective processes to detect, investigate and prosecute theft from bank accounts.”

And in spite of the recent and growing spate of attacks involving cryptocurrencies, Kolochenko says proper investigation of incidents is still nascent in most countries.

“Lack of regulation, opaque ownership and decentralization - make digital coins a low hanging fruit for cyber gangs who can easily grow their profits without increasing their efforts. I would expect many similar incidents in 2018, unfortunately,” Kolochenko concludes.
