Probe links ‘overseas hacker group’ to Coincheck $530M crypto heist

Investigators in Japan are looking into the possibility that an overseas hacker group has gotten its hands on Coincheck’s encryption keys several days before the Japanese cryptocurrency exchange lost 523 million NEM tokens (XEM) from its hot wallet.

On Tuesday, The Yomiuri Shimbun reported that Metropolitan Police Department investigators noted “multiple suspicious transmissions” were made from Coincheck’s intracompany network to Europe and U.S.-based servers around Jan. 23, three days before the theft occurred.

Sensitive data, such as encryption keys, were managed in Coincheck’s intracompany network, according to sources with knowledge of the investigation. The intracompany network is normally not connected with external servers, which led authorities to believe that it may have been infected with viruses and resulted in it being illegally manipulated externally.

On Jan. 26, roughly three days after the recorded suspicious transmissions, Coincheck was stung by the theft of JPY58 billion worth of digital money.

A 100-man cybercrime team from the police department has already set up an investigation headquarters on Monday, a month after the virtual currency theft. The investigation, however, will prove to be quite a challenge, given that hacker groups are known for hiding behind multiple servers.

Currently, an estimated JPY15 billion worth of the stolen NEM have reportedly been exchange for other virtual currencies in dark websites. The MPD and the NEM Foundation have pledged to beef up the monitoring of the movements of NEM, particularly in the dark web.

Meanwhile, seven Coincheck customers have filed a lawsuit seeking the return of their NEM and 12 other kinds of cryptocurrencies in response to the exchange’s promise to repay them in yen, rather than in cryptocurrencies. Other victims have also formed groups to request their cryptocurrency holdings back.

The exchange resumed yen withdrawals last Feb. 13, but there has been no word yet on when the crypto withdrawals would restart. The government’s Financial Services Agency (FSA) has been keeping close tabs on the exchange. Aside from visiting Coincheck’s Tokyo office, the agency also required the company to submit a report not just on the heist, but also on the safety of its systems as well as Coincheck’s plan of action to prevent a repeat of the incident.