The Financial Services Agency conducted a spot inspection on Coincheck Inc. Friday to protect users, Finance Minister Taro Aso said, as authorities tried to pin down how hackers stole about ¥58 billion ($530 million) of digital money from the Tokyo-based cryptocurrency exchange.
Last week’s heist — one of the world’s biggest cyberthefts — highlighted the vulnerabilities in trading an asset that policymakers are struggling to regulate, as well as the broader economic risks for the country as it aims to leverage the financial technology (fintech) industry to stimulate growth.
The regulator earlier this week issued a business improvement order to Coincheck and said it would investigate all cryptocurrency exchanges in the nation for security gaps following the hack.
Coincheck has been ordered to submit a report on the hack and measures for preventing a recurrence by Feb. 13. But the inspection was conducted ahead of the deadline to “ensure protection of users,” Aso said.
The FSA said Friday it had ordered all cryptocurrency exchanges to submit a report on their system risk management.
The FSA has already conducted an interview-based hearing with Coincheck but questions remain, a source with direct knowledge of the matter said Friday.
Another source said the checks by some 10 inspectors started at 8 a.m. Friday, with the aim of examining financial conditions at Coincheck, the company’s responses to clients and reviewing its system managing structure.
Coincheck said Sunday it would repay about ¥46.3 billion ($425 million) of the virtual money. The FSA has said it had yet to confirm whether the company had sufficient funds for the reimbursement.
The hack has drawn into focus the government’s approach to regulating cryptocurrency exchanges. Last year, it became the first country to regulate exchanges at the national level — a move that won praise for boosting innovation and protecting consumers, contrasting sharply with crackdowns in South Korea and China.
Authorities in several countries are probing the heist involving the NEM cryptocurrency.
A portion was apparently sent to exchanges in the United States and New Zealand early Thursday, a Japanese member of a Singapore-based NEM promotion group said the same day.
“Investigative authorities in several countries are making moves” in relation to the theft, said Takao Asayama, one of the council members of NEM.io Foundation.
Last year’s explosive rise in the value of digital coins and the flood of new retail investors drawn to the market have rattled global regulators nervous about a sector used largely for speculation. Officials have said cryptocurrencies are used by criminals to launder money.
The FSA said it had asked Coincheck to fix flaws in its computer networks well before last week’s heist.
Security gaps in Coincheck’s systems were among the reasons the exchange had not been given official approval to operate, the regulator said. The company had been allowed by to operate pending formal registration.
Coincheck has said the virtual coins were stored in a “hot wallet” instead of a more secure “cold wallet,” which operates on platforms not directly connected to the internet. The exchange was also not using an extra layer of security known as a multi-signature system.