The January hack of cryptocurrency exchange Coincheck for over $534 million in NEM sparked a crackdown from Japanese regulators, who descended on exchanges and began to ask hard questions about accounting and security at the fledgling operations.
Coincheck CEO Koichiro Wada and COO Yusuke Otsuka apologized with deep bows and issued statements. “We sincerely apologize to all our customers and promise to pay back everything that was stolen,” they said.
Now, 16 Japanese crypto-exchanges have banded together to issue best practice recommendations and, they hope, to head off the next huge theft.
“The Coincheck theft was completely inexcusable,” a spokesperson said.
“But there are even greater threats to cryptocurrency in Japan and abroad and no single exchange is equipped to address them all. Hacking, excessive regulations, and outright scams affect all markets, but the rise of big crypto has attracted an excessive share of bad actors.”
The new initiative consists of 16 licensed cryptocurrency exchanges represented by two trade organizations in Japan, all working toward rolling out operating and safety standards to present to the country’s Financial Services Agency (FSA.)
The FSA has made it clear that the exchanges need either to take decisive action or regulators will be forced to be much more aggressive.
“We get over a hundred calls a day from crypto investors complaining they have lost funds between $100 and $1 million. Most are misunderstandings, but even so even one person losing $50,000 is devastating,” an official said off the record.
Countermeasures
The new organization, yet unnamed, is comprised of two trade groups, the Japan Cryptocurrency Business Association (JCBA) and Japan Blockchain Association (JBA).
Taizen Okuyama, president of foreign exchange trading firm Money Partners Group and chairman of the JCBA, and Yuzo Kano, CEO of exchange startup bitFlyer and the head of the JBA, will serve as the chairman and vice chairman of the new group.
The move is expected to bolster crypto investor confidence after the Coincheck hack and similar hacks going back to the $460 million hack of Mt. Gox.
Though the initiative hasn’t announced any policies yet, it’s widely believed they will use the Coincheck hack as a starting point for countermeasures against hacking.
For example, cryptocurrencies have passcodes called secret keys, but they are not sufficient to protect the system from being hacked.
As a result, exchanges use a system of separately managing different secret keys called Multisig, so as to protect the system from being hacked and reduce the risk of theft.
Coincheck reportedly did not use this system to manage NEM tokens and instead kept tokens in hot wallets.
Coincheck also reportedly failed to have enough staff to even check whether wallets were secure. The hack was only discovered when a client tried to remove $100,000 in funds and found his wallet empty.
Coincheck has not been asked to be part of the new consortium and is still being investigated by the FSA.
