TOKYO -- The anonymous nature of digital wallets continues to stymie investigators in last week's theft of 58 billion yen ($530 million) worth of NEM cryptocurrency from a Tokyo exchange, perhaps the biggest cryptocurrency heist in history.
Authorities know which user accounts were affected by the Jan. 26 hacking, and the accounts holding the pilfered funds can be immediately identified because the virtual coins are traceable.
If the Coincheck exchange case were a regular bank robbery, identifying the bank accounts holding the stolen money would let law enforcement easily return the funds to victims.
But individuals who open a bank account must identify themselves, and no such requirement exists for opening a digital wallet. Anyone can obtain an anonymous digital wallet as easily as walking into a store and paying cash for an actual wallet.
That helps explain why Coincheck and the NEM Foundation, the international organization that manages and promotes the currency, are having trouble identifying the owners of the wallets and demanding the restoration of funds.
The foundation, which tags the NEM coins, could rewrite the blockchain virtual ledgers and forcibly return the stolen funds to Coincheck. But the NEM group has pledged never to rewrite blockchain records, so even those "transactions" resulting from a hack will remain valid.
The Tokyo Metropolitan Police Department had received communication logs maintained by Coincheck as of Thursday. The logs are being analyzed for any violation of Japanese anti-hacking laws, but the investigation is expected to encounter challenges similar to those in past cybercrime cases.
In 2015, servers belonging to the state-run Japan Pension Service sustained a cyberattack in which computer viruses were used to obtain names, identification numbers and other data belonging to some 1.25 million people. The next year, travel agency JTB suffered a data breach affecting 6.79 million customers. In both cases, the hackers may have infiltrated systems via offshore servers, but no suspects have been named to date.
When Mt. Gox went bankrupt in February 2014 after a massive amount of cryptocurrency went missing from its exchange, it took about a year and a half for authorities to arrest CEO Mark Karpeles, who was suspected of falsifying account data. Investigators went as far as crunching data in servers located in the U.S.