First, there was Mt. Gox, the cryptocurrency hack that rocked an emerging cryptocurrency ecosystem nearly off its hinges. Then, also from Japan, a hack of $500 million in 2018 saw Coincheck take over the mantle of the world’s biggest cryptocurrency hack.
Of course, no company wants to have this tag hanging around its neck. In fact, this tag is so hefty it could well strangle a business out of existence – as was the case with Mt. Gox. However, a year on from the hack, Coincheck received a Japanese license to operate with a bag full of experience behind it.
In an exclusive interview with Coincheck President Toshihiko Katsuya, by Longhash, the exchange explains just what has been learned from this devastating attack and how this hack shaped the current, stricter, Japanese cryptocurrency regulations.
“Coincheck, with over $500 million stolen, was the biggest hack since Mt. Gox,” Katsuya said. “We still don’t know who the hackers were. I think people were astonished by the amount.”
Katsuya explains that even though something like Bitcoin is decentralized, and therefore spread across the world with no real central store, it should be hard to hack and to drain funds. But, the caveat is coins collect in certain areas, and exchanges are the most vulnerable points.
“Crypto exchanges function like a kind of bank,” Katsuya added. “Crypto exchanges hold everything: customer information, customer fiat money, and customer crypto. So, we need to be very careful to safeguard these things.”
“After the hack, people realized crypto exchanges are custodians of crypto as well as fiat. They need to be more careful about that. The Japan Financial Services Agency (JFSA) had to order the strengthening of internal controls.”
That was part of the harsh reality for Coincheck to try and bounce back. Partly because of the hack on them, regulatory rules had tightened up; if they were to operate again, they had to ensure a lot of safeguards.
“We tried to persuade the JFSA that we can improve on cybersecurity, internal control, and money laundering said Katusya.” Before the hack, as long as a specific law did not prohibit crypto exchange activity, it was OK. But after the regulatory framework changed last year, crypto exchanges need to make sure their activity complies with self-regulatory rules.
It is, of course, admirable that Coincheck did all they could first to repay the stolen funds to their clients – as much as possible – but then for them to realize the importance of regulation of exchanges in order to ensure a safer space. The exchange was happy to meet the new requirements that their misfortune had created, knowing that the horrible event that befell them may make it harder for something like that to happen again.