A Japanese cryptocurrency exchange service has promised users they will be partially repaid, after a hacker stole 58 billion yen ($660 million) over the weekend.
Coincheck, one of the largest digital currency exchanges in Japan, announced that the 260,000 users affected by the hack would be refunded 46 billion yen ($522 million) -- around 90% of what was taken.
The hack is believed to be the biggest-ever digital cryptocurrency theft and resulted in the temporary suspension of the service.
“We realise that this illicit transfer of funds from our platform and the resulting suspension in services has caused immense distress to our customers, other exchanges, and people throughout the cryptocurrency industry,” Coincheck said in a statement.
“We would like to offer our deepest and humblest apologies to all of those involved.
“In moving towards reopening our services, we are putting all of our efforts towards discovering the cause of the illicit transfer and overhauling and strengthening our security measures.”
The incident follows the hack of another Japanese exchange, MtGox, in 2014 which caused the company to collapse following the theft of $US400 million.
The hack
The hacker gained access to the system at 2:57am on January 26 and was not detected until 11:25am later that day.
The cryptocurrency was stolen via multiple transactions, and the service was suspended shortly after.
Japan’s Financial Services Agency (FSA) and the police were then notified of the breach.
Targeted were Coincheck’s NEM coins, which were being stored in an online ‘hot wallet’.
Major cryptocurrency exchanges around the world opt to keep the majority of their currency offline in cold storage, to avoid incidents such as these.
Additionally, NEM coins do not require multiple signatures to move funds, unlike cryptocurrencies like Bitcoin, allowing the hacker easier access.
However, Coincheck has not given up hope on recovering the stolen NEM.
"We know where the funds were sent,” said Chief operating officer, Yusuke Otsuka.
"We are tracing them and if we're able to continue tracking, it may be possible to recover them."
Japan operates as one of the largest markets for cryptocurrency globally, after the FSA introduced a licensing system in 2017 that aimed to better regulate the industry.
However, Coincheck was four months past its deadline to receive its license to operate and was only being allowed to operate while it awaited a decision from the FSA.
The FSA has ordered Coincheck provide a report outlining the causes of the incident by 13 February.
Paying the refunds
As the value of NEM, and any other cryptocurrency, is continually changing, repaying the stolen currency makes for a complicated process.
Coincheck has promised users that the money being used for the repayments was coming out of its own pockets.
“Reparations will be calculated using the weighted average of turnover during a set period,” Coincheck said.
“The weighted average price was derived using prices during the period beginning with the suspension of new purchases and sales of NEM on the Coincheck platform, and ending with the release of this notice.
“The principal used for reparations will be derived from company funds.”
All reparations are to be made in YEN.