Content, Breach

XEM $530 Million Heist: Can Hackers Launder Cryptocurrency?


Late last week, hackers stole some $530 million worth of cryptocurrency from the Tokyo-based Coincheck exchange in one of the largest thefts ever recorded. Now the crooks are attempting to launder the pilfered XEM coins through six exchanges where they can be sold, according to the NEM Foundation, which created the cryptocurrency.

The coins have been traced to an unidentified account, Reuters reported. Meanwhile, the investigation now extends to several countries, Takao Asayama, a member of the Singapore-based NEM Foundation, told the news agency. The foundation is collaborating with exchanges to try to impede the hackers from cashing out the cryptocurrency, Asayama reportedly said.

“(The hackers are) trying to spend them on multiple exchanges. We are contacting those exchanges,” Jeff McDonald, NEM Foundation vice president, told Reuters separately. He said the hackers probably won’t be able to move all of the stolen cryptocurrency at one time.

As Coincheck has been ordered by Japanese authorities to improve its security, so will all cryptocurrency exchanges in the country be examined for security vulnerabilities, the report said. So far, the hackers have launched trial balloons to test the tracking system with attempts to transfer some of the coins to two exchanges. The thieves have reportedly sent out XEM coins in batches of 100, worth about $83 each, to various accounts. The stolen coins are said to amount to about five percent of the total supply of XEM, which is the world’s 10th biggest cryptocurrency.

The XEM robbery is the latest of about three dozen known on cryptocurrency exchanges in the last six years, according to a Reuters count. Recovering stolen bitcoins is basically impossible: Nearly one million bitcoins have been lifted from exchanges with barely any retrieved to this point, Reuters said. As a result, many of the hacked exchanges have subsequently shut down.

Here’s a list of the most notable cryptocurrency burglaries (via Reuters):

  • Bitfinex: In August, 2016, about 120,000 bitcoins valued at roughly $72 million was stolen from the Hong Kong-based cryptocurrency exchange. At the time, the Bitfinex hack was the second-biggest security breach ever of a digital currency exchange.
  • Mt. Gox: The Tokyo-based bitcoin exchange, no longer in operation, filed for bankruptcy in 2014 after losing some 850,00 bitcoins worth about $500,000 million along with $28 million in cash from its bank accounts to hackers. Mt. Gox, which once handled 80 percent of the world’s bitcoin trades, apparently recovered about 200,000 of the bitcoins.
  • Cryptsy: A U.S. federal judge in Florida in July ordered Paul Vernon, the operator of the collapsed U.S. exchange to pay $8.2 million to customers after he failed to respond to a class-action lawsuit. The judge ruled that 11,325 bitcoins had been stolen in 2014 but did not identify the thief.

Other heists include Bter, which lost 7,170 bitcoins in 2015;, hacked of 18,788 bitcoins lost in 2012; Bitfloor, which lost 24,000 bitcoins lost in 2012; and, Bitcoinica, which lost a total of 102,101 bitcoins in three hacks in 2012.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.