Suspicious transmissions preceded massive NEM theft
Suspicious transmissions were made from Tokyo-based virtual currency exchange operator Coincheck Inc.’s intracompany network to servers in Europe and the United States several days prior to a massive theft of NEM cryptocurrency from the operator, The Yomiuri Shimbun has learned.
According to sources knowledgeable about the ongoing investigation, information on the management of the cryptocurrency is likely to have been stolen from the company. In the investigation, the Metropolitan Police Department is considering the possibility that an overseas hacker group may have been involved in the theft.
About ¥58 billion worth of NEM was stolen from the exchange operator.
At the operator, data such as encryption keys, which are necessary to transfer virtual currencies, were managed on the intracompany network, according to the sources. It has been confirmed that malicious access was made from servers in the United States and two other countries from around Jan. 23.
Closely analyzing the communications records in the intracompany network, the MPD also found multiple suspicious transmissions were made from the network to servers in Europe and the United States around the same time.
Because the intracompany network is normally not connected to external servers, the network may have been infected with viruses through such factors as the malicious contacts from around Jan. 23, and then illicitly manipulated from outside, the sources said.
On Jan. 26 — several days after the suspicious contacts — the ¥58 billion worth of NEM was stolen from the operator.
Confidential information necessary to manage NEM, such as encryption keys, is believed to have been taken out of the network through the series of suspicious communications.
The MPD is moving forward with identification of the source of these suspicious transmissions by contacting server administrators in Europe and the United States via relevant investigative authorities outside Japan.
However, the investigation may face an uphill struggle, as hacker groups often route illicit access through multiple servers to hide the source of their communications.
The MPD set up an investigation headquarters staffed with about 100 investigators on Monday, exactly a month after the massive theft of the virtual currency.
Meanwhile, out of the stolen NEM, the equivalent of about ¥15 billion is believed to have already been exchanged for other virtual currencies through such means as so-called dark websites that can hide users’ identities via anonymization software.
The exchanged NEM is likely to have been sent to dealers who performed lax identity checks and converted it to real-world currency.
The MPD and the NEM Foundation, an international group promoting NEM, are beefing up monitoring of dark websites and the movements of NEM.
Coincheck is proceeding with strengthening security measures and implementing relevant laws and regulations in line with a business improvement report the exchange operator submitted on Feb. 13 to the Financial Services Agency.
However, even a month after the theft, transactions of virtual currencies other than bitcoin remain suspended. The company has yet to announce specifically when business will resume or how customers who possessed stolen NEM will be compensated.
The FSA has issued a business improvement order and called on the company to clarify its managerial responsibility, making a change of management a focal point going forward. The company appears to be seeking capital tie-ups with other firms in a bid to strengthen its financial foundation.
In the meantime, about a dozen customers who had deposited their virtual currencies at Coincheck plan to file a suit demanding compensation for latent losses incurred due to a price drop while the customers were unable to sell them. Multiple lawsuits have already been filed against the exchange operator, seeking such relief as the return of customers’ virtual currencies.
“We are sorry that we are unable to tell the specific timing for such measures as the provision of compensation,” a Coincheck staff member in charge of public relations said. “We refrain from commenting on individual cases,” the person added.