Skip to main content
banner image
venafi logo

Experts Weigh in on the Coincheck Breach: Will It Change Security for Crypto Banks?

Experts Weigh in on the Coincheck Breach: Will It Change Security for Crypto Banks?

coincheck breach
February 1, 2018 | Scott Carter

Earlier this week, Coincheck, one of Japan’s most prominent cryptocurrency exchanges reported the loss of 500 million NEM tokens, worth roughly $400 million. Not only is this the biggest crypto bank heist in history, it may well be the most costly breach of any type of bank. Major breaches are often a catalyst for change in security practices. They spawn a lot of speculation about what may have gone wrong and how the shock waves may impact the industry at large.

How safe is cryptocurrency? We asked six industry experts how they think the Coincheck breach is likely to change the notion of security for crypto banks.

Learn from Traditional Banks

Infosec strategist Allan Pratt feels that crypto banks must learn security lessons from their counterparts at traditional banks.

Thanks to blockchain, I believe the security of cryptocurrency itself will be safe, at least until compute speeds reach the point where everyday computers can make massive complex calculations. However, the exchanges will always be the weakest link. Using social engineering techniques, malware, DDoS, or even insider bad actors, as cryptocurrency becomes more mainstream, attacks on the exchanges will only increase.

That said, as with traditional banking, security for crypto banks must become an integral part of doing business. Checks and balances must be put into place either digitally or with human intervention so that it is not just a matter of keystrokes to make a withdrawal. Protocols such as multiple firewalls, multifactor authentication, hardened servers, system and software updates, and advanced IPS all have roles here. Vulnerability scanning and penetration testing should be used frequently (for example, monthly) to test exchange networks.

By design, cryptocurrencies are anonymous. They were meant to be used, bought and sold without banking regulations and government oversight. Unfortunately, as a result, crypto banks will always be targets.
(@Tips4Tech)

No Major Changes

IT security consultant Chris Payne predicts that there will be few changes, just business as usual for crypto banks

There is some speculation that this is the largest recorded bank heist ever. Despite this, it really goes to show how much money has been made in crypto as the exchange has reported it will pay back 90% from its own funds and remain open. That’s a huge reserve fund. This of course has happened before with the famous case of Mt. Gox.

I’m not sure if it will change security for crypto exchanges. They seemed to do everything right, they spotted fraudulent activity and halted transactions. They also had hot and cold storage, maybe the lesson is to hold less in hot storage. Will more heists take place? Absolutely, exchanges are holding vast sums of currency now, so are a natural target. Not all coins are untraceable but it is easier to launder crypto. (@ChrisPayne804)

More Regulation

Cybersecurity writer Kim Crawley sees more regulation in the future for crypto exchanges.

I think the attack on Coincheck will definitely put pressure on the Japanese government to better regulate the cybersecurity of cryptocurrency exchanges. But coming up with regulations and enforcing them will probably be a frustration. Many more cyber attacks on exchanges are inevitable no matter what governments do. But making sure that exchanges have better security technologies and policies will certainly help.

Cryptocurrency and their exchanges are new enough to be in their Wild West phase. Conventional banks and fiat currencies have been around in some form or another for hundreds of years. As computer networking became a part of banks starting perhaps in the 1960s, government regulations were created in almost all capitalistic countries in order to protect the digital aspects of customers' money. Conventional banks are not completely safe from cyber attack, and incidents happen to bank computers all the time. Nonetheless, conventional banks have a lot more regulations and systems in place to assure security than cryptocurrency exchanges have.

The international nature of cryptocurrency exchanges and their customers is an additional challenge. Banks are tied to specific countries and the federal regulatory bodies of those countries. The customers of a bank that operates in one country are predominantly citizens and residents of the same country. The same doesn't usually apply to cryptocurrency exchanges. Therefore as governments are pressured to come up with security regulations for cryptocurrency exchanges, they'll have a real mess on their hands. It also doesn't help that many cryptocurrency holders think that blockchain is the only thing that's needed in order to keep their digital money secure. (@kim_crawley)

Tighten Existing Security

Infosec analyst Bob Covello believes that crypto banks probably have the right security, they just need to use it better.

It is unfortunate every time crimes like this happens. Cryptocurrency storage is very much like the early days of traditional banks, where a holdup required little more than a bandit with a mask and a gun. As traditional banks started to study their problems, they learned that the weakness was not in the banking system. Rather, it was a weakness in their security implementation. The same holds true for cryptocurrency. The system is reliable, but some of the implementation is flawed. Isn't that the failing of most of the encryption breaches in history? (@BobCovello)

Become More Involved

Cyber Security Practice Manager Matt Pascucci urges users to take a greater role in the security of storing their own cryptocurrency.

The compromise of Coincheck is a major concern for those looking to invest in cryptocurrency. This wasn’t the first time that the compromise of a Japanese exchange (think Mt. Gox here) allowed attackers to make off with hundreds of millions of dollars. I’m personally a huge fan of cryptocurrency and see the value of it being used in the future. But it’s deregulated nature, which makes it so popular and alluring, will lead towards issues like we saw with Coincheck and Mt. Gox if gone unchecked.

To limit these types of issues in the future users should seriously consider leaving their coins on a hardware wallet, like the Ledger Nano S, to mitigate the risk of having their coins sitting on exchanges that are at risk of compromise. The deregulated nature of cryptocurrency means that the authority over the exchanges isn’t well regulated and can lead to error. This doesn’t mean that crypto banks are less secure than other banks, most large banks have had issues too, but that the legality about refunding losses can be anyone’s guess. (@matthewpascucci)

Get Tough

Writer Jack Walker recommends that investors ask the tough questions about security.

The Coincheck theft not only shows the volatility of the nascent cryptocurrency market but also that its relative immaturity means there’s still some catching up to do in terms of security and regulatory oversight.

Cybercriminals will always go ‘where the money is’, and in that sense the hack is not so surprising - after all, researchers have long found that some wallets can be insecure and thus more likely to be compromised or stolen.

Investors should know the risks when investing in a cryptocurrency, whether that is CoinCheck, LiteCoin, Ethereum or Bitcoin. In particular, given the MxGox bankruptcy and the fact that CoinCheck is reimbursing affected customers, they need to question how secure these platforms are and how sustainable the companies are too.

How do you think security in crypto banks is likely to change?

Related blogs

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Prepare this presentation and send it to me, once approved you can teach entire team.

Overheard at Machine Identity Protection Global Summit 2019

machine identity protection

Leaders Underscore the Critical Nature of Machine Identity Protection at Inaugural Global Summit

About the author

Scott Carter
Scott Carter

Scott Carter writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat