The theft highlights the vulnerabilities in trading an asset that global policymakers are struggling to regulate and the broader risks for Japan as it aims to leverage the fintech industry to stimulate economic growth.
The Financial Services Agency (FSA) yesterday ordered improvements to operations at Tokyo-based Coincheck, which on Friday suspended trading in all cryptocurrencies except Bitcoin after hackers stole 58 billion yen (R6.41bn) of NEM coins, among the most popular digital currencies in the world.
Coincheck said on Sunday that it would return about 90 percent with internal funds, though it has yet to figure out how or when.
The NEM coins were stored in a “hot wallet” instead of the more secure “cold wallet”, which operates on platforms not directly connected to the internet, Coincheck said. It also does not use an extra layer of security known as a multisignature system. The hack has drawn into focus Japan’s approach to regulating cryptocurrency exchanges. Last year, it became the first country to regulate exchanges at the national level - a move that won praise for boosting innovation and protecting consumers, and that contrasts sharply with crackdowns in South Korea and China.
The FSA said it ordered Coincheck to submit a report on the hack and measures for preventing a recurrence by February 13, and that it would, if necessary, conduct on-site inspections of other cryptocurrency exchanges.
The regulator also said it had yet to confirm whether Coincheck had sufficient funds for the reimbursement.
But the regulator does not have any rules banning the use of “hot wallets” by exchanges, nor does it set requirements on how much should be kept in “cold wallets,” an FSA official said at a briefing.
In response to FSA’s order for improvements, Coincheck said in a statement that it would promptly strengthen its customer protection and governance, and develop its risk management systems.
Japan started to require cryptocurrency exchange operators to register with the government only in April 2017, allowing pre-existing operators such as Coincheck to continue offering services ahead of formal registration.
The FSA has registered 16 cryptocurrency exchanges so far, and another 16 are still awaiting clearance. Coincheck’s application was made in September.
“It’s been long said that cryptocurrencies are a solid system but cryptocurrency exchanges are not,” said Makoto Sakuma, research fellow at NLI Research Institute.
“This incident showed that the problem has not been solved at all. If Coincheck screws up its crisis management, that could deal a blow to current cryptocurrency fever.”
NEM fell to $0.78 from $1.01 on Friday but recovered to $0.95 late yesterday afternoon, according to CoinMarketCap. Crypto-currency related shares mostly rose in Tokyo, with GMO Internet, which offers cryptocurrency exchange services, gaining 5.7percent.