Japanese cryptocurrency exchange Coincheck is starting to refund customers that were affected by the Jan. 26 hack of around $534 mln worth of NEM, as well as allowing the withdrawal and sale of certain cryptocurrencies, according to two press releases published today, March 12, on Coincheck’s website.
Withdrawals of the following currencies, Ethereum (ETH), Ethereum Classic (ETC), Ripple (XRP), Litecoin (LTC), Bitcoin Cash (BCH), Bitcoin (BTC) have resumed. According to the press release, which also noted that BTC sales were never paused, ETH, ETC, XRP, LTC, BCH can now also be sold again on the exchange.
On March 8, Coincheck had repeated a previous announcement that they would soon start refunding NEM customers. Compensation will be paid in Japanese yen, at the rate of around 88.5 yen (around $0.83) to one NEM coin.
Japan’s Financial Services Agency (FSA) had initially responded to the hack by conducting on-site inspections of the 15 unregistered cryptocurrency exchanges in Japan. As a result of the inspections, the FSA sent business improvement orders to seven of these exchanges, including Coincheck.
On Coincheck’s press release on the resumption of some crypto sales, they addressed their business improvement order:
“We will solemnly and seriously take the measures we take carefully and will deeply reflect on ourselves and will drastically review our internal control system and management control system and will review the management strategy that thoroughly protects customers.”
The NEM hack was attributed to Coincheck having stored the NEM on a low security hot wallet. Once the hackers managed to steal the private key for the wallet, they were able to take the funds.
Local news outlet the Nikkei Asian Review wrote today, March 12, that virus-infected emails were sent to several members of Coincheck staff weeks before the attack, perhaps opening the employee email system to allow the hackers to steal the private key.
After the malware emails were sent and opened, Coincheck’s system began contacting external services based in Europe and the US without any proper authorization. This communication continued until midnight on Jan. 25, discontinuing in synchronization