The Yomiuri Shimbun The network of major cryptocurrency exchange Coincheck, which lost about ¥58 billion worth of the cryptocurrency NEM in a hacking theft, was repeatedly accessed illegally via servers in the United States, Germany and the Netherlands, The Yomiuri Shimbun has learned.
The network was illegally accessed from the three countries about two to three days before the theft, according to sources close to those investigating the matter.
The Metropolitan Police Department said it is highly likely the hackers were trying to steal the management information of NEM. Police continue to investigate where the access came from, in cooperation with foreign authorities.
The MPD confirmed there had been unlawful access after analyzing the communication records of the firm’s internal networks. The incidents began around Jan. 23 — three days before the NEM theft, according to the sources — and continued intermittently until Jan. 24.
Coincheck kept control of cryptographic keys and other things required to send virtual currencies in its internal networks. The MPD is investigating whether such secret information was stolen before the hack.
Through overseas investigative authorities, the MPD has been making inquiries with the companies operating the servers in question about the IP addresses and access logs of the points from which the access came.
However, hackers who attempt to gain illegal access tend to go through multiple countries to hide any trace of the original source.
There is a possibility that the real locations are in other countries, so it could take some time before the points of origin are tracked down, the sources said.
The MPD has received data on the servers from Coincheck. Using this data, the MPD is analyzing the servers’ transmission status from before and after the theft, as well as trying to determine whether they were infected by a virus.Speech