Japanese Regulator Reprimands Coincheck, May Conduct Nation-wide Crypto Exchange Probe

Japan’s FSA has ordered Coincheck to strengthen their security measures post-hack, and may investigate other crypto exchanges in the country.

Following the massive cyberattack on Coincheck, Japan’s financial regulator has ordered the exchange to improve its operations, and announced that cryptocurrency exchanges in the country may undergo inspections if required.

In what is being considered one of the biggest cyberattacks in the world, hackers stole $534 million worth of NEM from Tokyo-based Coincheck, after which trading was suspended for all cryptocurrencies on the platform except Bitcoin. Coincheck has since announced that they will reimburse around 90% of the stolen amount with internal funds, although no concrete plan of action or timeframe has been laid out as yet.

Japan’s Financial Services Agency (FSA) has ordered Coincheck to raise their standards and fortify their operations, after it emerged that the NEM had been stored in a ‘hot wallet’, as opposed to the more secure alternative of a ‘cold wallet’. In addition, no multi-sig system was in place, which is generally used as an extra security measure.

As per the FSA’s orders, Coincheck will be required to submit a report on the cyberattack and detail steps taken to prevent any further attacks by February 13. In addition, the FSA will also confirm whether Coincheck has the funds required to repay its customers. However, there are no plans to ban ‘hot wallets’ or set limits on how much can be stored in ‘cold wallets’.

In response to the orders from the FSA, Coincheck confirmed that they will work on making their operations and risk management systems more robust.

The FSA also announced that it will conduct in-person inspections of other crypto exchanges in the country to gauge the strength of their security measures, if required. While Japan was among the first countries to start regulating crypto exchanges by requiring them to register with the government (the rule was put into effect in April last year), the Coincheck attack suggests that further steps might be required.

Meanwhile, the Singapore-based NEM foundation, which had traced the stolen funds to an unidentified account and has been tracking them, recently confirmed that that owner of the account was now attempting to move the XEM onto six different exchanges, where they can then be sold.