ArrowArtboardCreated with Sketch.Title ChevronCrossEye IconIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailMenu BurgerPositive ArrowIcon PrintIcon SearchSite TitleTitle ChevronIcon Twitter
Cryptocurrency exchange Coincheck offers an app.   © Kyodo
Cryptocurrency

Coincheck thieves stay hidden via anonymous digital wallets

Hackers cover tracks even as accounts holding stolen funds are identified

TOKYO -- The anonymous nature of digital wallets continues to stymie investigators in last week's theft of 58 billion yen ($530 million) worth of NEM cryptocurrency from a Tokyo exchange, perhaps the biggest cryptocurrency heist in history.

Authorities know which user accounts were affected by the Jan. 26 hacking, and the accounts holding the pilfered funds can be immediately identified because the virtual coins are traceable.

If the Coincheck exchange case were a regular bank robbery, identifying the bank accounts holding the stolen money would let law enforcement easily return the funds to victims.

But individuals who open a bank account must identify themselves, and no such requirement exists for opening a digital wallet. Anyone can obtain an anonymous digital wallet as easily as walking into a store and paying cash for an actual wallet.

That helps explain why Coincheck and the NEM Foundation, the international organization that manages and promotes the currency, are having trouble identifying the owners of the wallets and demanding the restoration of funds.

The foundation, which tags the NEM coins, could rewrite the blockchain virtual ledgers and forcibly return the stolen funds to Coincheck. But the NEM group has pledged never to rewrite blockchain records, so even those "transactions" resulting from a hack will remain valid.

The Tokyo Metropolitan Police Department had received communication logs maintained by Coincheck as of Thursday. The logs are being analyzed for any violation of Japanese anti-hacking laws, but the investigation is expected to encounter challenges similar to those in past cybercrime cases.

In 2015, servers belonging to the state-run Japan Pension Service sustained a cyberattack in which computer viruses were used to obtain names, identification numbers and other data belonging to some 1.25 million people. The next year, travel agency JTB suffered a data breach affecting 6.79 million customers. In both cases, the hackers may have infiltrated systems via offshore servers, but no suspects have been named to date.

When Mt. Gox went bankrupt in February 2014 after a massive amount of cryptocurrency went missing from its exchange, it took about a year and a half for authorities to arrest CEO Mark Karpeles, who was suspected of falsifying account data. Investigators went as far as crunching data in servers located in the U.S.

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Get Unlimited access

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world
.

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends January 31st

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to the Nikkei Asian Review has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media