The Tokyo-based digital currency trading platform "Coincheck" announced a plan to compensate some 260,000 of the $ 523 million NIM currency holders who were illegally withdrawn from the Coincheck platform. The cause of the breach is being investigated, according to a notice on the company's website. Similar events in other currencies, including the Japanese yen, were not confirmed.
On 26 January, the Coincheck platform suspended some of its functions after the event, which occurred at approximately 02:57 on that date. The company disclosed irregularities at around 12:07 pm and issued a notice on a temporary suspension of Nem currency payments. At about 12:38 am, the currency of Nim was suspended temporarily. While at around 16:33, all trades including the Japanese Yen were suspended, followed by a temporary suspension of trading except for the Pitcairn currency including the use of a credit card. In the end, the platform's executives confirmed the theft near the end of the day, and the platform will return the stolen money in the Yen currency to the Coincheck governor.
Security failure
During a press conference after the suspension of the activity, the platform executives revealed many details about the penetration and specifically the infrastructure of the platform. "Yuji Nakamura," a technology reporter from Japan, said that the trading platform Coincheck did not implement multi-signature technology, as all the money was stolen in wallets connected to the Internet. In addition, developers of the Coincheck platform are still unsure how to penetrate the platform.
On the other hand, most major FX platforms such as Kraken, Coinbase and Bitfinex have multiple signature security measures, which in turn prevent money from being processed on public proximal networks until a third party security provider confirms the legitimacy of transactions. Where the lack of a multi-signature service is a critical security flaw to any platform for currency trading. When multi-signature technology is integrated, it will be possible to prevent security breaches.
Money stored in wallets connected to the Internet "Hot Wallet"
In addition to the non-implementation of multiple signature security measures, the Coincheck platform stores all of its funds in an online wallet rather than offline portfolios. Often, large amounts of money are stored by trading platforms in "cold storage" portfolios, to ensure that even in the event of a breakthrough, hackers can not access user funds. The mismanagement of the Coincheck platform on the storage of funds in the Internet-related portfolio and the failure to implement the multi-signature system ultimately led to the loss of user funds.