Cyber attacks on cryptocurrencies, startups, wallets, and exchanges are well-known possibilities. On Jan 25th, however, Coincheck lost control of approximately 500 million NEM tokens, a sum valued at roughly $400 million as of the time the tokens vanished. Bloomberg reports that: At the time of the disappearance, NEM was the 10th largest cryptocurrency according to market cap.
After hours of speculation, Coincheck Inc. co-founder Yusuke Otsuka said during a late-night press conference at the Tokyo Stock Exchange that the company didn’t know how the 500 million tokens went missing, but the firm is working to ensure the safety of all client assets. Coincheck said earlier it had suspended all withdrawals, halted trading in all tokens except Bitcoin, and stopped deposits into NEM coins.
Following the late night press conference, it was announced that the Financial Services Agency of Japan was investigating the exchange as well as the missing funds. The Japanese FSA released the following statement regarding the topic:
We are looking into the facts surrounding Coincheck.
How has the disappearance impacted cryptocurrency trading markets?
After the news broke, Bloomberg reported losses for BTC, NEM, and XRP. NEM value dropped around 9% to rest at $0.85 per coin and XRP fell by roughly 8%. The crypto market has seen some rough news break, such as the loss of funds in both Parity hacks, but the scale of loss has not been seen since Mt. Gox in 2009, when roughly $460 million worth of BTC were lost. The exchange halted trading of altcoins and stopped accepting deposits once the funds were discovered to be missing.
Long-term implications of the disappearance of funds will likely include a loss of faith in centralized exchanges, reduced global liquidity of crypto as a result of this breach of trust, and increased regulatory scrutiny for exchanges.
According to an infographic published by Rodgers Research, Coincheck holds the largest trading volume share over the last 30 days, a startlingly high 32%
How can investors proceed?
In the event that funds are lost permanently, the exchange may be held liable for repaying investors the funds that disappeared. Moving forward, it is vital that investors not place such substantial amounts of their holdings on an exchange for extended periods of time. Many exchanges such as CoinBase hold to the 90% or more to 10% or less ratio of cold storage to hot wallet holdings for investor protection.
Token holders should take this as a reminder that the only way to keep their assets secured is to store them in a crypto wallet that provides them with their private keys. Exchanges offer trading, and it may be more convenient to leave some funds on the exchange, but larger amounts of funds can be vulnerable to more than just hacks.
Liquidity requirements can be impacted significantly when whales, or large volume investors leave their tokens in exchange accounts. When the whales cash out, the reserves of the exchange can change significantly from what they were expecting, which will require them to transfer assets out of cold storage to meet the withdrawal needs and continue offering trading for affected currencies.
What lessons can exchanges learn from this occurrence?
When offering liquidity for assets, it is vital to ensure that the majority of assets are secure at any given time. Many exchanges operate with 90% of their holdings in cold storage to ensure that the majority of the funds they hold are safe in the event of an attack.
Beyond the liquidity safeties that can be implemented, exchanges can employ penetration testers to verify the security of their systems on a regular or semi-regular basis.