Coincheck Begins NEM Refunds For Affected Customers, Resumes Partial Trading
Crypto exchange Coincheck has begun refunding customers who lost NEM in the Jan. hack, as well as beginning to allow withdrawals and partial trading.
Japanese cryptocurrency exchange Coincheck is starting to refund customers that were affected by the Jan. 26 hack of around $534 mln worth of NEM, as well as allowing the withdrawal and sale of certain cryptocurrencies, according to two press releases published today, March 12, on Coincheck’s website.
Withdrawals of the following currencies, Ethereum (ETH), Ethereum Classic (ETC), Ripple (XRP), Litecoin (LTC), Bitcoin Cash (BCH), Bitcoin (BTC) have resumed. According to the press release, which also noted that BTC sales were never paused, ETH, ETC, XRP, LTC, BCH can now also be sold again on the exchange.
On March 8, Coincheck had repeated a previous announcement that they would soon start refunding NEM customers. Compensation will be paid in Japanese yen, at the rate of around 88.5 yen (around $0.83) to one NEM coin.
Japan’s Financial Services Agency (FSA) had initially responded to the hack by conducting on-site inspections of the 15 unregistered cryptocurrency exchanges in Japan. As a result of the inspections, the FSA sent business improvement orders to seven of these exchanges, including Coincheck.
On Coincheck’s press release on the resumption of some crypto sales, they addressed their business improvement order:
“We will solemnly and seriously take the measures we take carefully and will deeply reflect on ourselves and will drastically review our internal control system and management control system and will review the management strategy that thoroughly protects customers.”
The NEM hack was attributed to Coincheck having stored the NEM on a low security hot wallet. Once the hackers managed to steal the private key for the wallet, they were able to take the funds.
Local news outlet the Nikkei Asian Review wrote today, March 12, that virus-infected emails were sent to several members of Coincheck staff weeks before the attack, perhaps opening the employee email system to allow the hackers to steal the private key.
After the malware emails were sent and opened, Coincheck’s system began contacting external services based in Europe and the US without any proper authorization. This communication continued until midnight on Jan. 25, discontinuing in synchronization with the NEM leaving the hot wallet in the early hours of Jan. 26.
Some of the stolen Coincheck NEM has been traced to both a Canadian crypto exchange, as well as Japanese NEM exchange Zaif.
In the aftermath of the hack, ten crypto traders filed lawsuits in mid-February over Coincheck’s freezing of crypto withdrawals. 132 more crypto investors filed another lawsuit in early March, seeking around 228 mln yen (around $2 mln) in damages.