JAPAN’S Financial Services Agency (FSA) plans to enforce regulatory measures as soon as this week on Coincheck Inc, a major cryptocurrency exchange, after NEM currency then valued at 58 billion yen was illegally withdrawn from its customers’ accounts, according to informed sources.
The agency will enforce measures to improve Coincheck’s business operations based on the revised law on payment services. The sources said the agency may impose an order to suspend some operations of the company, which is based in Shibuya Ward, Tokyo.
Meanwhile, the Metropolitan Police Department will launch an investigation into the suspected violation of the Law on Prohibition of Unauthorised Computer Access, viewing the incident as an external hack.
The FSA was to issue an order to Coincheck to report the incident to the agency, and the company’s executives were to report on Sunday about the extent of the damages and how they were dealing with the problem.
The agency will decide on the regulatory measures against the company after carefully examining the report.
However, the agency has attached great significance to the fact that the company had yet to take sufficient measures to ensure the security of its systems.
As a result, virtual currency was allegedly withdrawn illegally in the largest-ever heist of a cryptocurrency.
Inadequate security measures
According to industry sources, it is common for virtual currency exchanges to manage data by blocking outside networks to prevent unauthorised access. However, Coincheck’s security measures may have been inadequate, as it stored NEM in a way that could be accessible from the outside via the internet.
The sources said the agency is considering suspending some of the company’s business because it had expressed concern over the company’s management of its customers’ assets before the incident.
Under the revised law on payment services that took effect in April 2017, a registration system was introduced for cryptocurrency exchange operators.
The agency is still examining Coincheck’s application under the registration system, and the company is doing business as a quasi-operator that is legally subject to the same regulations as registered operators.
In a press conference late Friday evening, Coincheck President Koichiro Wada was asked about compensation for customers. Wada repeatedly said, “We’ll prioritise protecting customers’ assets.”
Early on Sunday morning, the company posted on its website a plan to return money in Japanese yen to about 260,000 NEM holders.
The sources said the MPD will analyse such data as communication records of the company’s computers to identify where the unauthorised access originally came from.
The police will seek cooperation from overseas investigation agencies if the hacking was orchestrated outside of Japan.
There have been a series of incidents involving virtual currencies, including a 2014 case in which bitcoin disappeared from a Tokyo-based major bitcoin exchange called Mt Gox.
The latest incident is believed to be the largest so far in terms of value.