Malware Behind $530 Million Theft of Japanese Crypto Exchange


The January hack of Japanese cryptocurrency exchange Coincheck occurred after hackers infiltrated the platform by targeting an employee’s computer with malware.

In an investigation report released by Tokyo-based cryptocurrency exchange operator Coincheck, details have emerged about the theft of 58 billion yen in NEM on January 26th. According to Coincheck president Koichiro Wada, the personal computers of employees were targeted with malware delivered via email prior to the heist. The intrusion ultimately led to the theft of 58 billion yen in NEM, a cryptocurrency, from the exchange’s hot wallets.

Coincheck, which has since received a business improvement order from Japan’s financial regulator, admitted its failings in preventing the theft of its customers’ cryptocurrency holdings in its wallet storage accounts which were connected to the internet.

Wada, who said the company’s internal controls were inadequate, said:

“We’ve invested to improve internal controls and other operations, but we’ve faced difficulties recruiting necessary personnel.”

Yusuke Otsuka, Coincheck’s chief operating officer, told reporters that the exchange has since enhanced its security measures and is working to compensate users. Customers have withdrawn about 60 billion yen ($566 million) in cash since the incident, he added.

Meanwhile, Japan’s crackdown on the cryptocurrency industry intensified after the Financial Services Agency (FSA) suspended two exchanges’ operations for a month before ordering Coincheck to “conduct a drastic review on its management team.”

Elsewhere, NEM Foundation vice president Jeffrey McDonald insisted that the nonprofit is working with Coincheck to restore and/or retrieve the lost NEM.

He stated:

“We’re actively working with Coincheck and other exchanges to ensure proper handling of this breach. Foundation will continue to provide updates as the situation unfolds.”

Image credit: LIFARS Archive.