In January, Coincheck was on the receiving end of an overwhelming hack which culminated in the loss of approximately 523 million NEM tokens with an estimated market value of $550 million.
Coincheck is a digital wallet and exchange service operating between Bitcoin and fiat currencies in Japan, as well as Bitcoin transactions and storage in other countries worldwide.
A Tokyo-based cybersecurity firm produced an analysis on the footprints of transactions carried out in connection to the stolen NEM. The report established that nearly all of the stolen tokens had been laundered. The disguise of the ill-gotten funds had been done mainly through channels on the dark web.
According to the cybersecurity firm, a website had been set up on the dark web by a facilitator offering to trade the NEM, believed to have been stolen, and converted into cryptocurrencies other than NEM immediately after the theft.
The said portal selling the NEM was showing absolutely zero balances.
NEM as Digital Currency
NEM is digital currency protected by encryption. It is based on the peer-to-peer technology that amasses, dispenses and confirms transactions carried out within a given period of time. This is done in blocks which are then conjoined into what you would consider as chains.
The blockchain platform has multiple uses for example registration of contracts like financial and legal ones.
The developers of NEM are fictitious. Inspired by NXT, a BitcoinTalk forum user by the name “UtopianFuture” started NEM with initial plans unfortunately dismissed, and an entirely new codebase adopted in its place. After open calls for public participation on BitcoinTalk were started, a community-favored cryptocurrency was born.
NEM was launched in March 2015, hosting a Java written program with C++ language. The commercial blockchain Mijin uses the NEM blockchain software and is being tested in private companies and financial institutions in Japan and in other parts of the world. The partnership between NEM and Tech Bureau, which operates Japan-based crypto exchange Zaif, led to the creation of a new blockchain engine in April 2016.
Immediately after the Coincheck hack earlier this year, some NEM funds—believed to have been part of the stolen tokens—were transferred to a third-party digital wallet. The wallet had no connection whatsoever with the hacker. According to analyzed proofs, by deductions revealed by security researchers, the funds have been transposed through 19 different accounts.
The NEM Foundation, based in Singapore, had tagged the tokens by mid-March. Despite the efforts, almost half of the stolen funds had already been laundered by the masterminds of the massive hack. The system used to tag NEM is automatic and thus essentially follows and tags any money that has traces of corruption that is wired into an account.
Coincheck Carries the Blame
The hack only targeted NEM. The security breach was brought about by the deficiency of strong security strategies by Coincheck.
As such, the NEM development team turned down requests to carry out a hard fork.
The NEM Foundation later disabled the automated tagging system for unascertained reasons.
Statements claim rising tensions between the NEM Foundation and Coincheck, but with questionable accuracy.
The NEM Foundation later terminated its involvement in the pursuit of the trail with potential leads to the stolen funds after coming to the conclusion that the authorities had been sufficed with all the relevant and adequate information.
As is expected, the hackers will launder the money by cashing out the coins in their possession. These have been acquired through the trade of the NEM funds among other crypto-related crimes. This is most likely to be done in overseas exchanges where they are not coherent to the stringent know-your-customer norms.
Details in the report cited the disclosure on the existence of the NEM funds in other cryptocurrencies acquired through the swap trades, disseminated across many digital wallets among multiple addresses. Each one of the wallets contains Bitcoins worth millions of Japanese Yen.
The hack prompted two Japanese cryptocurrency trade groups to amalgamate into a new self-regulatory organization. The Financial Services Agency took administrative action by requiring Coincheck to upgrade its security practices. However, they did not order the exchange to close shop, out of concern for the protection of the welfare of the users.
Despite the supposed investigation by the authorities in Tokyo, the swap has progressed with an unexpected rapidity. According to the Foundation, NEM protocol’s suppleness allows the trace of transactions in real-time if they are decentralized.
This, in turn, helps exchanges to pinpoint wallets affixed to malicious activity. Stolen tokens are therefore effectively of no use and unless they are flagged off by NEM, they can be deposited into accounts.
Coincheck had initially hinted at difficulties in reimbursing of all its users affected by the massive hack but later made an announcement that it would keep the promise to compensate all the 260,000 users in Japanese Yen using its own capital.
By March, Coincheck initiated refunds to clients who had held NEM and who were affected by the hack. It has undertaken the distribution of restitution and the process to full compensation is underway.
Latest posts by C.M. (see all)
- Australian Man Faces Charges for Running $17M Drug Syndicate on the Dark Web - April 23, 2019
- A Look at Baldr, a New Type of Malware Circulating in Hacking Forums - April 23, 2019
- Silk Road 2.0 Founder Sentenced to 5 Years in Prison - April 22, 2019