Coincheck Hack 2018 — $534M Exploit Analysis

Japanese exchange Coincheck lost 523M NEM tokens stored in a single hot wallet without multisig protection.

Details

Full Description

Coincheck stored all NEM tokens in a single hot wallet without multisig security, contrary to NEM Foundation recommendations. Attackers gained access to the private key, likely through malware on an employee's computer, and drained the entire NEM holding in one transaction.

Laundering Analysis

NEM Foundation implemented an automated tagging system to mark stolen XEM. Most exchanges refused to accept tagged XEM. Funds were sold on darknet markets and converted through OTC desks. Despite tagging, Coincheck repaid customers ~$430M from company funds.

Sources

Transaction Hashes

Related Hacks

Back to Browse