Coincheck: The Half a Billion Dollar Hack

Author profile picture

@BestofICOsBest of ICOs

Before reading this article please read our disclaimer at the bottom of the article or here

One of the largest Hacks in History


On June 19th 2011, the largest Bitcoin exchange, Tokyo-based Bitcoin exchange Mt. Gox reported to their users that they had lost approximately 850,000 Bitcoin in multiple ways, which at that time was worth $450 Million USD (Or about $10B USD now). This was by far the largest loss in the history of cryptocurrency and had a severe impact on the price of Bitcoin. An unusual series of mistakes was made which enabled the money to be stolen, or lost in several forms. Mt Gox is one of the main examples why we recommend keeping money in cold wallets rather than wallets at exchanges.

Last week, another Tokyo Bitcoin exchange, Coincheck announced they had lost approximately 500 million NEM tokens, with a value of about 500 million USD. Coincheck estimates that over 250,000 people were affected by the hack, and assured that it was not an inside job. This hack is much different, since most of the currency was lost in a single event, rather than a slow buildup due to errors, hackers, and negligence.

Coincheck reached out to the NEM network to see if they could revert the transaction. The creators of NEM decided that Coincheck was completely at fault for the hack, and decided that they would not fork. So the team at Coincheck was forced to do something much more interesting, and this the reason we are writing this story. Coincheck is tagging the money in order to track down the criminals.

This story will focus on the details of the hack, how the tagging works, and what NEM and Coincheck are.

Image taken from Coincheck’s Homepage found here.


NEM is a network that uses the XEM cryptocurrency, which launched on March 31 2015. The token is based on what they call “Proof of Importance” (PoI) which is similar to Proof of Stake (PoS). PoI blocks are verified by players that both own a lot of XEM tokens (like PoS) but also by how much volume they transact every day. Essentially the network assigns an importance rating to each account. This metric therefore puts exchanges at a high Importance grade on the NEM network.

Their hope is that PoW consumes much less energy than Bitcoin’s Proof of Work (PoW) but without the hoarding behavior that is carried with Proof of Stake (PoS).


Coincheck is a Bitcoin wallet and exchange service based on Tokyo which started in August of 2014. The exchange was important in Japan, as thousands of merchants relied on it to accept Bitcoin transactions from users. Right after the hack took place, Coincheck would only authorize the exchange of Bitcoin. The exchange requested the NEM foundation to reverse the hack, but apparently Coincheck’s > $150M USD in transactions was not important enough to perform a fork. Coincheck now has completely blocked new user accounts from being created on the network.

Hot Wallets

There is no such thing as a perfectly secure system. Coincheck is an exchange platform that enables users to trade BTC, NEM, and other cryptocurrencies . As with all exchanges, users can deposit fiat or tokens and trade them for other tokens or for fiat (selling). Exchanges typically have very friendly login systems and 2 factor authentication, which makes them a very practical and simple storage location for many people to store their cryptocurrency.

The practice of storing your cryptocurrencies with a third party that allows you to access it online is called a hot wallet. Out of the numerous types of cryptocurrency wallets, hot wallets are the least safe (we also wrote an article about it).

There are multiple points of failure, including:

  • Stolen / guessed user credentials
  • Exchange Employee Impersonation
  • Malicious hot wallet third party
  • Internal corruption within the company
  • Exchange going bankrupt or defaulting, or even a Bank Run
  • Mismanagement / Negligence
  • External Hackers

These variables are in no way independent. Having a bad system will affect the other systems as well and will probably make the whole thing much more vulnerable.

You are trusting that the exchange will store your wallet and always give you access to it, and nobody else. You are also trusting the exchange won’t use your keys for any personal gains, and that their security is up to date and will never be hacked.

The Hack

On January 27th 2018, the following message was displayed on the Coincheck website:

Image taken from Coincheck’s Homepage found here.

About 2 days later, Coincheck confirmed through a press conference everyone’s fears, and stated that they had lost 500 million of their XEM tokens. They also confirmed that the attack was not internal, someone had penetrated their users database and hot wallet.

While details on the attack have not been made public, Coincheck has explained the actions they have token in order to correct and rectify the problem. As an exchange, Coincheck has access to a lot of available capital. Their first order of business will be to return some fiat to the users through a $426 Million USD fund for the victims.

The company has also expressed that instead of forking their Blockchain, they will instead be tagging the currency.

Forking and Tagging

The Blockchain is essentially a list of transactions. Transactions can be authenticated because a user’s private key is used to “sign” a transaction, which can then be verified by anyone using their public key. All transactions are public and open since the beginning and they are itemized and segmented into blocks. The properties of transparency, and traceability enable multiple viewers to have an agreement or consensus on what was transferred to whom.

In May of 2016 a decentralized investment organization by the name of DAO (Decentralized Autonomous Organization) which was based on Ethereum was hacked for about $110 million dollars, causing the price of Ethereum to crash.

Ethereum uses the blockchain, and therefore is a transparent and open ledger, so in theory it is possible to trace exactly where the funds went. This property also allows users to say that they will not respect any transaction which takes place after a certain date, and resume accepting transactions after a certain agreed upon period. This affects every transaction that took place on that blockchain over that period of time, making it as if they never happened. This does not affect only certain subsets of transactions, like those over one exchange, but every user and exchange.

The property of ignoring the rest of the blockchain or essentially creating your new version of reality (of transactions) is called a fork.

Back in 2016 during the DAO hack, the Ethereum foundation asked the community a question: Should we revert back in time and start only accept the transactions which happened before the hack? This decision would essentially discredit every transaction that happened after the hack, so that if you had purchased ETH after the hack, that transaction would effectively not have taken place, and you would have lost your money.

This naturally split the community between those against and in favour of the fork. The result of that was that Ethereum split in two, Ethereum Classic and Ethereum. Forking the cryptocurrency caused a crash in the price, and since then there are two Ethereum.

(You can read more details about that fork here).

The XEM development team was not satisfied with Coincheck’s level of security and therefore did not believe that the issue granted a fork. So instead Coincheck decided that the best way to deal with the situation would be to keep track of who stole the money. This means they are tracing every single account and transaction that gained from the hack. The move is quite interesting, since the company will have to to pay hundreds of millions in losses to their users and will also try to bringing the criminals to justice.


There are multiple lessons from this and other similar stories.

Do not rely on hot wallets. When purchasing a cryptocurrency, please make sure your money does not stay on a hot wallet for more than a day. And only store small amounts.

Do not trust third parties. Even when an exchange has done everything right, there is always the possibility that social hacking, an angry employee, or some other event out of their control could cause a major loss.

Use cold storage. Cold storage is the most recommended method of storage by security experts. It typically takes the form of hardware wallets, such as the Trezor or Ledger.

Image of the ledger nano found here.

As the cryptocurrency markets continue to develop, it will become considerably more difficult to be able to pull off forks like Ethereum did back in 2016. Coincheck is taking steps to identify the hackers, and will be able to tell if the XEM is sold for fiat, or exchanged for other currencies. All we can hope is that the criminals behind this hack and those behind DAO and Mt Gox are found and brought to justice.

Despite what most people think, cryptocurrencies are not exactly anonymous, and if someone like Satoshi Nakamoto ever made a purchase, people would be able to uncover their identity. The whole concept of the Blockchain relies in a transparent list of transactions, and eventually you can link who purchased something and track that transaction all the way back to the genesis of the cryptocurrency.

Looking to help?
Support us on Bountey!

Want to stay up to date in ICOs?
Visit us at

Have an interesting story?
Write us at


This website and the information contained herein is not intended to be a source of investment, financial, technical, tax, or legal advice. This website cannot substitute for professional advice and independent factual verification. The ideas and strategies on this website should never be used without first assessing your own personal financial situation, and without consulting a financial professional. All content in this website is for informational purposes only, and is provided “as is”, with no guarantee of completeness,accuracy, timeliness or of the results obtained from the use of this website. This is just a stub, your access to and use of this website is conditioned upon your acceptance of and compliance with the Full Disclaimers. The Disclaimers apply to all visitors, users, and others who wish to access or use this website.



The Noonification banner

Subscribe to get your daily round-up of top tech stories!