Last Friday, one of Japan's biggest Cryptocurrency Exchange, Coincheck reported a loss of approximately 523 million NEM tokens worth almost $534 million at the time it was stolen. Here is some insight on what exactly happened.
What is NEM?
NEM, short for New Economy Movement is said to be world's first "smart asset" blockchain. To simplify for our understanding of this case, NEM tokens were stolen, they another type of cryptocurrency that uses the NEM technology.
It was launched in March 2015 and has been increasing in value ever since as it is believed to be a promising technology that can be used by business houses.
It originated in Japan and is the world's tenth largest cryptocurrency in terms of market capitalization.
What happened in Coincheck?
The management has not spoken who stole the tokens but have said in a press conference that it was not an inside job.
At 3:00 am Friday morning (Japanese local time) approximately 523 NEM tokens were sent from a NEM address at Coincheck. Later that day, Coincheck noticed and an abnormal decrease in its balance.
How could the coins be stolen?
Coincheck said that the stolen NEM token were stored in a "hot wallet". Hot wallets are cryptocurrency storages connected to external networks and therefore holds the risk of being hacked.
Another way to store cryptocurrency is using "cold wallets" that is hardware specially designed to store them offline. It is similar to a pendrive storage with password protection.
Exchanges use the cold wallet methodology to store a majority of their client's asset to avoid being connected to outside networks.
Coincheck, however, did not follow that and has been suspected to have poor management issues as per Japan's regulatory body Financial Services Agency. It also did not have the multi-signature security which requires multiple sign-offs before funds can be moved, thus making it easy to suspect unusual transactions.
Can the regulators track the movement of these NEM tokens?
Yes. All most all cryptocurrency trasactions are open to public view and movement can be traced. On investigation, Coincheck found 11 adresses where the coins ended up but the identity of the one who owns the adress cannot be found on in the decentralised system.
The Singapore based organization, the NEM.io Foundation made a statement that it has the full whereabouts of the stolen coins and the hacker has not moved it out of the system. It is going to create an automated tagging system that will track the coins and identify any account that receives them.
How the holders would be identified is unclear. The 11 addresses traced is said to have the tag "coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker."
Will the hacker not be able to cash the loot?
The hacker could use services like "Shapeshift" that allow cryptocurrency trading without personal data. NEM trading was disabled on Shapeshift on Monday to avoid it from happening.
What can we do to protect our cryptocurrencies?
The lesson learnt from Coincheck is that investors should store their cryptocurrencies in Hard wallets. Soft wallets are cheaper and even free on mobile devices but are highly vulnerable to cyber attacks like these.