
Coincheck targeted by suspicious traffic for weeks before NEM heist

Bogus email to employees may have delivered virus that allowed for system hack

Suspicious communications between Tokyo-based Coincheck and servers outside Japan went on for weeks before a $542 million cryptocurrency theft, a new finding suggests. (Photo by Rie Ishii)

TOKYO -- Suspicious communications between the computers of Tokyo-based cryptocurrency exchange Coincheck and unidentified servers outside Japan began weeks before the Jan. 26 theft of 58 billion yen ($542 million) of the cryptocurrency NEM, a new finding suggests, according to a person close to the police investigation.

The finding suggests someone hacked into the Coincheck system via employee email and stole a "private key" necessary to transfer NEM.

According to the person, several Coincheck employees received English-language emails in early January that appeared to be internal messages from a colleague. Once the sender's address was clicked, the user's computer was infected with a virus that enabled it to be operated from outside the company.

Soon afterward, Coincheck's system began contacting external servers in Europe and the U.S. without proper instructions. The suspicious communications went on until almost midnight on Jan. 25, then stopped as a large amount of NEM began moving out of the exchange's system soon after the date changed to Jan. 26.

Takayuki Sugiura, head of the Tokyo-based information-security consultancy L Plus, said it was likely someone repeatedly accessed Coincheck's server to steal the private key for the NEM transaction. Sugiura estimates that roughly 40% of the NEM stolen, worth about 25.5 billion yen, has already been exchanged for bitcoin and other currencies.

Around Feb. 7, messages seeking to exchange NEM for other virtual currencies appeared on an anonymous "dark web" site.

The Tokyo Metropolitan Police Department has deployed about 100 police officers to analyze records of suspicious access to the Coincheck server and possible connections with the NEM theft. 

The stolen money that has been converted to bitcoin is being kept in several e-wallets, with hundreds of millions of yen in each, the person close to the investigation said, adding that individuals involved in the NEM heist are preparing to change the currency into cash at exchanges outside Japan.
