In the wild world of cryptocurrencies, the promise of decentralized finance and digital gold has been accompanied by a darker reality: a history of hacks, scams, and thefts that have cost investors billions. Among these, the 2018 Coincheck hack stands out not just for its sheer scale, but for the audacity and complexity of the crime—and the lingering mystery of its aftermath.
The Rise of Coincheck: A Story of Ambition and Growth
Coincheck, a Japanese cryptocurrency exchange, was founded by Kachiro Wada and Yasuke Otsuka during the early days of Bitcoin’s rise. Initially launched under the name Regupress, the exchange offered basic services but quickly grew in popularity as one of the early adopters in the nascent cryptocurrency industry. As Bitcoin and other cryptocurrencies surged in value, so did Coincheck’s user base and the amount of funds it managed. By 2018, Coincheck was responsible for managing over $1 billion in user deposits, making it one of the largest cryptocurrency exchanges in Japan.
The Hack: A $500 Million Heist Unfolds
On January 26, 2018, at 2:57 AM local time, Coincheck’s fortunes took a dramatic turn. Hackers gained access to one of the exchange’s hot wallets, which contained a staggering $523 million worth of NEM (XEM) cryptocurrency. The hack was one of the largest in history, rivaling even the infamous Mt. Gox incident in 2014.
Details of how the hack was executed remain murky, as Coincheck never fully disclosed what went wrong. What is known is that the hackers managed to infiltrate a company terminal that was infected with malware, providing them with access to the wallet. In a critical security lapse, Coincheck had stored the entire balance of $523 million in a hot wallet—an online wallet connected to the internet—making it vulnerable to such an attack. This decision would later be criticized, as best practices in the industry recommend storing the majority of funds in cold wallets, which are offline and therefore much more secure.
The Aftermath: Panic, Speculation, and Price Collapse
As the hack unfolded, Coincheck quickly realized something was wrong and issued a warning to its users, advising them not to deposit any more NEM into the exchange. Social media lit up with speculation, as large sums of NEM began moving rapidly across the blockchain, sparking fears of an impending collapse.
In the days that followed, Coincheck confirmed the hack, sending shockwaves through the cryptocurrency community and causing the price of NEM to plummet. The scale of the hack, coupled with the exchange’s delayed response, led to widespread criticism and panic among investors. At the time, the hack was widely reported as the largest in history—a title it held until subsequent incidents surpassed it.
The Hackers’ Clever Gambit: Exploiting Human Greed
As investigators, including the NEM Foundation and Japanese authorities, scrambled to trace the stolen funds, the hackers were already a step ahead. They began moving the stolen NEM through a network of wallets, making it increasingly difficult to track. In a bold move, the hackers sent out an on-chain message to several addresses on February 7, 2018, announcing a dark web marketplace where the stolen NEM could be bought at a 15% discount.
This was an unprecedented tactic. The hackers essentially created their own cryptocurrency exchange, offering stolen funds in exchange for clean ones. The offer was simple: send us Bitcoin, and we’ll send you NEM, minus a 15% laundering fee. At first, only a few individuals took the bait. But as word spread that the transactions were going through without interference from law enforcement, more people jumped in, eager to profit from the discount.
The greed of these individuals played right into the hackers’ hands, turning an already significant heist into a nearly perfect money laundering operation. However, the very nature of blockchain technology—transparent and immutable—meant that every transaction left a trace, providing investigators with a digital trail to follow.
The Aftermath: Tracing the Funds and the Elusive Culprits
Despite the initial success in laundering the stolen NEM, the hackers soon faced the challenge of converting their ill-gotten gains into usable currency. The transparency of blockchain technology meant that anyone, including law enforcement, could see where the money was going. The NEM Foundation and other investigators placed “mosaics” on the stolen tokens—digital markers alerting exchanges that the funds were tainted.
Still, the hackers managed to distribute the NEM across numerous wallets, obfuscating the trail further. By the time investigators caught up, the hackers had already laundered most of the funds. According to research by Yoichi Tashaya and Naoki Hiramoto, it took just 43 days for the hackers to offload their stolen NEM.
The laundered funds were eventually consolidated into a few key Bitcoin wallets. Two of the largest wallets, labeled RCDTN and F4WKE, received 5,511 and 2,949 Bitcoins, respectively. Despite the efforts to track these funds, the trail led to centralized exchanges, where the money could be converted into fiat currency. This is typically the point where law enforcement steps in, using tools like subpoenas to obtain account information from exchanges. However, in the case of the Coincheck hack, no arrests were made, and the trail went cold.
The Forgotten Heist: Why Hasn’t Anyone Been Caught?
The Coincheck hack remains one of the largest cryptocurrency thefts in history, yet it has largely faded from public memory. Despite the scale of the crime and the clear digital trail left behind, the perpetrators have never been caught, and the case has not been revisited in the headlines since 2018.
This is particularly puzzling given the amount of Bitcoin that has since been traced to various exchanges, including Poloniex, Kraken, and Bitfinex. In some instances, hundreds of Bitcoins were deposited in a single transaction, yet no action was taken to identify the individuals behind these accounts.
The mystery deepens when considering that the stolen funds are still active. As recently as February 2024, significant sums of Bitcoin linked to the Coincheck hack were moved between wallets. One wallet, holding 326 Bitcoins (worth approximately $22.5 million), has seen regular activity, with the funds being transferred multiple times over the years. Another wallet, holding 3,000 Bitcoins (worth around $204 million), was moved just three months ago after remaining dormant since 2021.
The Twist: Arrests, But Only for the Small Fish
In 2021, Japanese authorities arrested 30 individuals connected to the Coincheck hack—not the hackers themselves, but those who had purchased the stolen NEM at a discount. These individuals were found to have traded approximately $100 million worth of the stolen cryptocurrency, accounting for less than a fifth of the total amount laundered. The arrests, while significant, only scratched the surface of the larger operation. Over $400 million worth of laundered NEM remains unaccounted for, and the masterminds behind the heist are still at large.
Conclusion: The Heist That Keeps on Giving
The Coincheck hack is a tale of ambition, greed, and the complexities of cryptocurrency. Despite the transparency of blockchain technology, the hackers managed to pull off one of the most significant heists in history and remain free to this day. The stolen funds, now worth nearly $1 billion, continue to move through the digital underworld, awaiting the perfect moment to be cashed out.
This story serves as a reminder that in the world of cryptocurrency, no system is foolproof, and even the most sophisticated digital heists can slip through the cracks of justice. As the value of these assets continues to grow, so too does the incentive for hackers to exploit vulnerabilities—leaving investors and exchanges in a constant race to stay one step ahead. The Coincheck hack may have been forgotten by many, but for those who lost their funds, and for the authorities still searching for the culprits, the case remains very much alive, a shadowy reminder of the risks inherent in the world of digital finance.
