TOKYO -- Of the 58 billion yen ($530 million) in cryptocurrency stolen from marketplace operator Coincheck, at least several million yen has likely been converted into bitcoin and other virtual currencies on the hidden darknet, according to sources close to the investigation.
Earlier this week, an English-language site appeared on the darknet -- a part of the internet accessible only with technology that obfuscates the user's IP address -- offering large amounts of NEM in exchange for bitcoin and other cryptocurrencies. Shortly afterward, transfers to third parties picked up from the digital wallets where the NEM stolen from Coincheck was held, indicating trades were being made.
Groups including the NEM.io Foundation managing the currency have tagged the stolen NEM to make it easier to track. In converting the funds into a currency that is less traceable, those behind the hack could be preparing to exchange their holdings for cash.
The security breach that nearly cleaned out the Tokyo-based company's NEM coffers occurred on Jan. 26.
By Thursday evening, several million yen, or tens of thousands of dollars, worth of NEM had been transferred from one of the perpetrators' wallets to several other addresses, according to a senior official at a major information security firm. The amount of NEM shown as available on the darknet site has fallen by the same amount.
It has been confirmed that sending virtual currency as directed on the site yields NEM in return. "It's possible that multiple people" have agreed to such exchanges, the official said.
Police in Tokyo are aware of the site, and are monitoring trades made through it. Those who have knowingly purchased the stolen NEM can be charged with a crime, a senior official working on the investigation said.
Investigators have also discovered illicit connections to Coincheck's systems from servers in the U.S. and a number of European countries in the days leading up to the hack. These are suspected to be attempts at stealing security keys needed to access the company's NEM.
The police here are cooperating with investigative authorities abroad to work out the source of the hack. But illicit connections are often routed through servers in several countries to obscure their origins, and peeling back those layers of secrecy will not be easy.