TOKYO -- Following a huge virtual currency theft on Friday, Japan's Financial Services Agency has sent a rare notice asking all virtual currency exchange operators in the country to recheck the security of their systems.
The Saturday warning came after some 58 billion yen ($534 million) in customers' virtual currency holdings was stolen from Coincheck, a Tokyo-based cryptocurrency exchange, on Friday. It was the biggest cryptocurrency heist in the world, exceeding the one in 2014 when hackers stole about 47 billion yen of virtual money from Japanese bitcoin exchange Mt. Gox, causing it to collapse.
The FSA hopes to ensure there are sufficient internal controls at virtual currency exchanges and to prevent another theft.
Meanwhile, Coincheck said that it will issue refunds to all of the 260,000 of its users who have become victims of the hack. The exchange will use its own money to reimburse the customers, Coincheck said in an announcement.
One of the major cryptocurrency exchanges in Japan, it has attracted many customers by offering trade in a number of virtual currencies, and by spending heavily on advertising.
At a news conference late Friday, the company said nearly all of the NEM virtual currency held by its customers had been illicitly transferred out of the company's system at around 3 a.m. local time that day. The company has since halted withdrawals, deposits and trading of all currencies.
In its letter, the FSA warned that more large-scale cyberattacks could be mounted against cryptocurrency exchanges. The agency has told exchange operators to check their information and operation systems, take precautions against suspicious transactions and communications, and immediately report incidents that compromise security or other systems to regulators. The agency also instructed management not leave such tasks to their staff, but to get personally involved.
The agency rarely sends such notices to businesses. In April 2017, the agency revised the payment services law to require that virtual currency exchanges become registered. The revised law obliges exchange operators to manage customer assets and their own assets separately, but how to do this is left up to individual exchanges.