The Yomiuri ShimbunComputer devices of employees at Tokyo-based virtual currency exchange operator Coincheck Inc. were infected with viruses via emails several weeks prior to a massive theft of NEM cryptocurrency from the operator, The Yomiuri Shimbun has learned.
These employees clicked a link in e-mails that were written in English, according to sources.
The Metropolitan Police Department suspects that hackers intruded into the operator’s intracompany network via infected computers and stole confidential information to transfer the virtual currency. About ¥58 billion worth of NEM was stolen from the operator.
Yusuke Otsuka, a Coincheck director, held a press conference Thursday in Tokyo.
Following the revelation of the theft, Coincheck asked information security experts to analyze its server and communication logs on employees’ personal computers, and the operator later found that some of these computers had been infected with viruses via English emails, according to Otsuka and other sources.
The operator’s intracompany network is believed to have been illicitly accessed from outside via the infected computers, and an encryption key — security code to transfer NEM — is believed to have been stolen through remote control, they said.
With the stolen encryption key, NEM was transferred to outside of the operator. The contents of the email point to the likely possibility that the emails were targeted at the operator alone rather than being sent to a large number of unspecified users.
Prior to the incident, Coincheck held seminars for employees to learn security measures and urged caution against suspicious emails, but it failed to prevent the damage in the end.
At the press conference, Otsuka apologized for the infections. “Our risk management proved to be lax,” he said.
According to the director, Coincheck will work to prevent a similar or worse theft from happening even if another illicit access to the intracompany network occurs in the future, by taking such measures as strengthening restrictions on access to the network both from inside and outside and introducing monitoring by an external institution with expertise.
Regarding the emails sent to Coincheck’s employees, Junichi Yasuda at information security firm McAfee pointed to the possibility of a “targeted attack” on a specific organization to steal its information.
Virtual currency exchange operators are “the same as financial institutions such as banks in that they keep customers’ assets, and sufficient measures should have been taken, even if it added costs,” he said.Speech