Almost all of the NEM stolen from Japanese exchange Coincheck Inc., valued at around ¥58 billion ($530 million), may have been exchanged for other cryptocurrencies, information security experts said Friday.
The stolen NEM could be eventually cashed because tracking cryptocurrencies is difficult once they are exchanged, the experts said.
Exchanges for the stolen NEM were offered at a website on the dark web, one of the experts, Takayuki Sugiura, said, referring to a highly anonymous internet space often used for money laundering and other crimes.
The balance of the stolen NEM shown on the website offering exchanges dropped to zero at around 7 p.m. on Thursday, and the page switched to an image of North Korean leader Kim Jong Un smiling in front of wads of cash, Sugiura said.
Exchanges of the stolen NEM for other cryptocurrencies accelerated after the Singapore-based NEM Foundation said on Tuesday it had stopped tracking the cryptocurrency stolen from Coincheck.
The incident has made it known to criminals that cryptocurrencies can be easily exchanged, Sugiura said.
“The government should take steps quickly to fight money laundering, including blockchain monitoring,” Sugiura said, referring to a core technology used for cryptocurrencies.
Following the Coincheck incident in January, Japan’s Financial Services Agency has been tightening standards in the nation’s digital money industry.
On Friday, the FSA issued a warning to Hong Kong-based cryptocurrency exchange Binance for operating without registration.
The FSA said in a statement that it issued the warning to Binance, one of the world’s biggest cryptocurrency exchanges, for engaging in business with Japanese residents via the internet despite lacking permission.
The regulator said Binance likely allowed Japanese residents to open accounts without confirming their identities, adding that the exchange would face criminal charges if it continued to do business without a license.
An FSA official, however, said it had not given the exchange any particular deadline to cease operations.
Binance Chief Executive Changpeng Zhao said on Twitter the exchange was told of the warning on Friday morning, and was engaging with the watchdog.
“Our lawyers called JFSA immediately, and will find a solution,” he wrote, referring to the regulator. “Protecting user interests is our top priority.”
Binance did not immediately respond to a request for additional comment.
Last year, Japan became the first country in the world to regulate its cryptocurrency industry, requiring all exchanges to register with the authorities in an effort to bolster consumer protection and clamp down on the illegal use of digital money.
The warning against the Hong Kong exchange marked further steps by the FSA to shore up consumer protection in the wake of the January Coincheck theft.
A similar warning was issued in February to Macau-based Blockchain Laboratory, which was also apparently operating without registration.
The watchdog has also recently punished seven cryptocurrency exchanges already registered or awaiting registration over issues ranging from lax security to poor money laundering controls.
On Thursday, Coincheck submitted its second business improvement plan to the FSA.
According to the plan, Coincheck will overhaul its customer protection measures and management system, and terminate the handling of virtual currencies favored in money laundering. It also announced the resumption the same day of withdrawals and sales of cryptocurrencies Lisk and Factom, which were suspended after the hack.
Although the exchange plans to unfreeze other currencies after confirming the safety of their trading systems, it will refrain from resuming the handling of virtual currencies Monero, Zcash, Dash and Augur due to money laundering concerns, sources said.