Editorial: Cryptocurrency Hacking and The Dangers of Sloppy Security

A large sum of altcoin NEM was stolen by hackers on January 26th from Coincheck – a bitcoin wallet and exchange service headquartered in Tokyo, Japan. Since then, allegations of North Korea’s involvement have emerged, and concerns about the incident are growing. Apart from the ongoing official investigation, what are we supposed to do? This is what Sankei Shimbun has to say on the matter.

 

 

Galileo Ferrari – Tokyo

 

Is Coincheck a company worthy of handling customer’s assets?

 

The largest heist ever, 58-billion-yen worth of the cryptocurrency NEM, was stolen by hackers from a major Japanese bitcoin and exchange service – Coincheck – in late January.

 

Some of the risk in cryptocurrencies naturally lies in their violent price fluctuations. However, the many inadequacies in Coincheck’s security measures also cannot be overlooked. Some 260,000 customers were robbed of their assets as a result of the company’s failure to give the security of its systems proper attention, inviting a demand for responsible action.

 

 

Increasing focus on the industry

 

Four years ago, there was a similar incident with the Tokyo-based company, MtGox, when a large quantity of bitcoin disappeared.

 

These incidents are among the reasons the blockchain industry can be expected to face increasing skepticism unless they clarify their practices and correct their security problems.

 

At the same time, cryptocurrency and blockchain technology boast user-friendliness and low transaction fees for those trading online. However, the exchanges should make a better effort to increase the credibility of their security measures, along with standardizing the features of the industry.

 

No Enforcement

 

But, while the industry should take autonomous steps to improve its credibility, the reality is that even existing safety measures are not enforced.

 

Therefore, it is no surprise that Japan’s Financial Services Agency (FSA) ordered Coincheck to submit a report on the recent hack and measures it is taking to prevent a recurrence. The most important question, though, is whether they will find a way to fully reimburse their 260,000 customers.

 

Recognizing inadequate protection of customers, the government is now drafting amendments to the fund settlement law for cryptocurrency exchanges that would provide guidance in future incidents.

 

 

Were celebrities favored over security?

 

Coincheck itself is under review for the sloppy security measures that were a factor in the heist. It took 8 hours before the company realized there was a security system breach. The NEM tokens that were stolen were stored in a “hot wallet” instead of the more secure offline “cold wallet”, which operates on platforms not directly connected to the internet. The company also failed to use an extra layer of security known as a multi-signature system.

 

Koichiro Wada, President of Coincheck, who is known for employing Japanese celebrities for Coincheck’s television advertisements, excused the company’s security lapse, saying, “lack of skilled technical human resources and the complexity of the technology were the reason [for the hack].” It is hard to miss, though, that the company focused its resources on acquiring more customers, rather than strengthening the security and safety of its services.

 

 

Why the world should care

 

The broader, international implications raised by blockchain technology must not be overlooked. The loose regulatory system currently allows terrorists and criminals, including state actors such as North Korea, to use cryptocurrency profits to enable their criminal enterprises. This will be discussed in March at the G20 meeting, with finance ministers and central bank governors present. One topic will be how to facilitate development of new technologies such as blockchain, with the international community coming together to find solutions to the security and other problems that arise.

 

 

(Click here to read the article in Japanese.)

Related Story:

Coincheck Scandal: What to Expect When Withdrawals Start

Author:

Galileo Ferrari works at a global IT company, consults with startups in Japan, and is a contributor with JAPAN Forward. The views expressed are his own.

Leave a Reply