TOKYO -- The 58 billion yen ($550 million) in virtual currency stolen from a Japanese exchange operator in January appeared to have been more or less completely laundered as of Thursday, after an effort to track it was dropped.
Analysis of online transaction records for the cryptocurrency NEM was provided by Takayuki Sugiura of L Plus, a Tokyo company involved in cybersecurity. A website set up on the "dark web" to trade the ill-gotten gains for other virtual coins was showing zero balance for NEM as of Thursday evening.
According to Sugiura, shortly after the Jan. 26 hack on Coincheck, some of the stolen NEM was transferred to the digital wallet of a third party or parties apparently unrelated to the heist. Around Feb. 7, someone set up the site offering to exchange the NEM on the dark web, a highly anonymous section of the internet that requires special software to access.
As of mid-March, about half the loot appeared to have been swapped. The pace accelerated following a Tuesday announcement by the NEM Foundation that the Singapore-based nonprofit organization for the development and promotion of the namesake cryptocurrency had ended its tracking of the stolen NEM.
The foundation said it had "provided law enforcement with actionable information," but did not explain why it had stopped the pursuit. Tokyo's Metropolitan Police Department set up an investigation team of about 100 in late February.
The coins swapped for the stolen NEM have been spread out to a number of virtual wallets. For instance, exchanged bitcoins are sitting in multiple wallets, each containing several hundred million yen's worth of the cryptocurrency, according to a source related to the investigation. The thieves may seek to change the cryptocurrencies for cash, possibly through overseas exchanges that do not carry out stringent personal identification of account holders.
Investigators have found logs in Coincheck's systems of suspicious accesses from servers in the U.S. or Europe, going up to several hours before the heist. The hacker or hackers apparently stole a digital "key" to transfer the NEM, but from where they launched the attack remains unclear. Investigators continue to seek information from people who traded for the stolen NEM, and are keeping tabs on transactions in bitcoin and other swapped cryptocurrencies.
The Coincheck heist marked an inauspicious start to the year for cryptocurrency security in Japan, following 149 thefts of coins in 2017 totaling 662.4 million yen, according to National Police Agency data from Thursday. It was the first time such annual data was made available.
The hacks were confirmed at 16 cryptocurrency exchange operators and three virtual wallet providers. In 122 cases, or more than 80%, accounts were not secured with two-factor authentication, which requires further confirmation beyond user names and passwords. The attacks generally involved transferring funds out of exchange accounts and wallets. The Tokyo police are investigating these cases as possible violations of cybercrime laws.
Bitcoin was taken in 85 cases, making it the most-stolen cryptocurrency, with other well-known coins such as ripple and ethereum involved in 55 and 13 cases respectively. Thefts started slow with seven instances in April before rising to 19 in May and again to 41 in June, then settled back below 20 again until jumping to 25 in December. During roughly the same time, bitcoin soared to a record $1,400 or so in May, then went on to hit a new all-time high of nearly $20,000 in December.
With heists on Japan's regular online bank accounts down sharply in both frequency and value stolen from peaks several years ago, it appears hackers are targeting cryptocurrencies instead for their relatively lax security.