CustodyStress
Archive › Named Events › Coincheck 2018 Hack and Bitcoin Custody Losses — CustodyStress
Part of the CustodyStress archive of observed Bitcoin custody incidents

Coincheck 2018 Hack and Bitcoin Custody Losses — CustodyStress

Documented custody cases associated with the Coincheck exchange in the Bitcoin Custody Incident Archive. The January 2018 hack of Coincheck resulted in the loss of approximately $530 million in customer assets — the largest exchange hack by value at the time of occurrence.

The most frequently documented recovery path in these cases is Exchange Support (2 of 2 cases). 100% of determinate cases resulted in some form of access recovery.

Background

Coincheck was one of the largest cryptocurrency exchanges in Japan. On January 26, 2018, the exchange was hacked and approximately 523 million NEM tokens were stolen from a hot wallet. The exchange had stored the NEM in a single hot wallet without multi-signature protection, contrary to standard security practice. The Japan Financial Services Agency subsequently issued business improvement orders to Coincheck. The exchange was acquired by Monex Group in April 2018, which implemented improved security measures. Coincheck compensated affected NEM holders at approximately $0.81 per token, totalling approximately $425 million.

Custody structure

Coincheck held customer assets in exchange-controlled wallets. The NEM that was stolen had been stored in a single hot wallet without multi-signature protection or cold storage segregation — a custody structure significantly below the standard at the time. The concentration of assets in a single addressable hot wallet represented a fundamental custody architecture failure.

How access failed

The hack exploited the single-hot-wallet architecture to drain the entire NEM balance in a single transaction. Affected customers lost access to their NEM balances. The custody failure affected customers holding NEM specifically — Bitcoin and other assets held by Coincheck were not affected. Compensation was subsequently paid by the Monex-owned Coincheck at a fixed rate.

Archive note

Archive cases involving Coincheck document individual access failures associated with the 2018 hack. While the primary stolen asset was NEM rather than Bitcoin, the archive includes cases where Bitcoin holders experienced access failures associated with the exchange's subsequent regulatory and operational disruptions.

Browse all cases Archive statistics Scenarios Dependencies About All events
Documented cases
BITPoint Exchange Hack — $23M Customer Cryptocurrency Stolen, July 2019
Exchange custody
Constrained 2019
On July 12, 2019, BITPoint, operated by Tokyo-listed Remixpoint Inc., discovered unauthorised outflows totalling approximately 3.5 billion yen ($32 million USD)
Coincheck Exchange Hack: 523 Million NEM Stolen, User Withdrawals Frozen
Exchange custody
Constrained 2018
On January 26, 2018, Coincheck, a Tokyo-based cryptocurrency exchange, discovered that attackers had stolen approximately 523 million NEM tokens valued at $530