Investigative sources said Tuesday that Coincheck Inc.'s private network repeatedly accessed U.S. and European servers a few days before a massive hack in January.
The sources said there is a possibility that hackers overseas were operating the company's intranet after infecting it with malware to steal "private keys" — the information necessary to send virtual currency — leading to the theft of NEM cryptocurrency worth ¥58 billion ($542 million).
The Metropolitan Police Department's cybercrime division analyzed Coincheck's access logs submitted by the company and found there was communication between its intranet and the overseas servers Jan. 23 and 24, before the Jan. 26 theft.
While the company's intranet does not usually access outside servers, the police confirmed — via server logs — access occurred around that time, indicating a possibility that Coincheck's network was infected with malware during the time of access, and private keys were subsequently sent to the hackers.
The cybercrime division set up a special investigative team Monday with around 100 officers, aiming to identify the hackers, but the investigation will face hurdles if the hackers used servers based in several foreign countries.
Tokyo police also confirmed that a few Japanese nationals had converted some of the stolen NEM into other virtual currencies via the darknet — a portion of the internet inaccessible by normal means — and questioned a Japanese man on a voluntary basis who exchanged a small sum of NEM into Litecoin.
He was quoted by the police as saying he did it out of curiosity, and he doesn't seem to be connected to the heist, the sources said.