back to article Stop us if you've heard this one before: Tokyo crypto-cash exchange 'hacked' for half a billion bucks

Japan-based cryptocurrency exchange CoinCheck says it has been taken for around $530m by hackers. The Tokyo-based exchange says it is working with cops and Japan's Financial Services Agency to investigate a heist CoinCheck admits went undetected for more than eight hours. CoinCheck believes the theft occurred Friday around …

Silver badge

lol

36
1
Gold badge

Is that another kind of crypto-currency? I mean I've not heard of LOL, but then I'd never heard of NEM either...

How many thousand dollars is a LOL worth? And is that more or less than a ROFL?

0
0

And people want to continue to use these things?

I doubt very much if they were FDIC or similarly insured. Idiots....

14
2
Silver badge

Re: And people want to continue to use these things?

Remember when somebody called up SWIFT and stole all of Bangladesh central bank's money?

11
4
Silver badge
Trollface

The Japanese have a word for it . . .

大喜び

Or so I'm told.

6
0
Anonymous Coward

Re: The Japanese have a word for it . . .

I have used Google Translate to get "Great Joy".

Why do I hear it in a Stanley Unwin voice :) :) *

There is a prize if you can remember when Gerry Anderson & Stanley Unwin 'Collided' :)

[The Secret Service]

*Yes I know his phrase was 'Deep Joy', before I am corrected. :) :)

4
0

They did not even get their tulips back - so sad!

18
1
Silver badge

I wonder how many of these are inside jobs?

These are small companies with only a few employees, who know the weak spots and could even design in some weak spots. Wait and let it get popular, then "attack" from the outside and put it somewhere you can't touch it until the statute of limitations runs out - if possible in a non crypto cash form, since the tulips may be worthless by the time you can no longer be prosecuted!

27
0
Silver badge

Re: I wonder how many of these are inside jobs?

My bet is that the vast majority of these are either inside jobs or outright exit scams.

36
0
SVV
Silver badge

Re: I wonder how many of these are inside jobs?

Yeah, the fact they left this one computer, apparently holding half a billion dollars worth of vapourloot, directly connected to the internet sort of said "Two idiots and a PC in a small rabbit hutch size office" to me when I read it. Certainly not "secure financial institution with extensive IT security infrastructure". Mind you, escaping the clutches of the latter was what this whole caper was all meant to be about wasn't it?

18
0
Silver badge

Indeed. I am in awe of how they are showing it to "the Man".

Great job guys, keep up the good work.

2
0
Megaphone

Just VOID the Crypto numbers and redo them

One should be able to create a top address FFFFFFFFF etc for voiding crypto numbers stolen that is registering a crypto coin as owned by the void address and encrypted off , new numbers should then be reissued to the rightful owner.

1
18
Silver badge

Re: Just VOID the Crypto numbers and redo them

The point of cryptocurrencies is that they're decentralised and trustless, i.e. there is no governing authority. Almost by definition, whoever controls a wallet's private key owns the coins it contains.

37
0
Silver badge

Re: Just VOID the Crypto numbers and redo them

From Wikipedia:

CryptocurrenciesBearer bonds have historically been the financial instrument of choice for money laundering, tax evasion, and concealed business transactions in general. In response, new issuances of bearer bonds have been severely curtailed in the United States since 1982.

20
0
Silver badge

Re: Just VOID the Crypto numbers and redo them

"CryptocurrenciesBearer bonds have historically been the financial instrument of choice for money laundering, tax evasion, and concealed business transactions in general."

Not as much as US $100 bills are.

2
0
TRT
Silver badge

Re: Just VOID the Crypto numbers and redo them

I thought it was that huge Euro note, I forget the exact denomination.

1
0
Anonymous Coward

Re: Just VOID the Crypto numbers and redo them

>crypto numbers stolen that is registering a crypto coin as owned by the void address and encrypted off

Not sure why you got so many downvotes, concentration of ignorami is high whenever crypto comes up.

Various methods are possible depending on the model used. These particular coins support tagging - so they are now blacklisted at most exchanges and lit up for tracking. Effectively they are now valueless.

With most coins it's also possible in extremis - much more massive fraud than this - for the devs (ie the coins governing authority) to roll back (hardfork) the blockchain and wipe out the fraudulent transaction. This would require certain community support so unlikely to happen where fraud is so small in terms of market cap.

...also notable that this happened in Japan which is well ahead of most countries in leglisation. Crypto is legal tender and exchanges are registered by law - compensation has to be paid - in this case at 88 yen (against just over 100 when the fraud took place).

0
0
Anonymous Coward

Re: Just VOID the Crypto numbers and redo them

The 1 Zeubimbro note?

0
0
TRT
Silver badge

Re: Convenient notes for criminals.

The €500 note. That was the one that was withdrawn due to the number of times it was implicated as the preferred means of moving dirty money around.

3
0
Silver badge

Re: Just VOID the Crypto numbers and redo them

@TRT

They did, indeed, stop making the 500 euro notes due to the "you can fit HOW MUCH in a suitcase?" factor.

2
0

Re: Convenient notes for criminals.

The 500 Euro note has not been withdrawn. There are still plenty around and they are still accepted and will continue to be accepted for the foreseeable future according to the European Central Bank.

What has happened is that no new ones are being printed and banks are no longer handing them out like they used to.

1
0
Anonymous Coward

Re: Just VOID the Crypto numbers and redo them

@TRT; This is a pretty huge Euro note if you ask me.

Or possibly a very small man.

1
0

This post has been deleted by its author

GBE

What unpleasant memories?

The security blunder will for many cryptocurrency speculators bring back unpleasant memories of the 2014 MtGox collapse.

What unpleasant memories?

I found the whole thing very interesting and somewhat amusing. Though it is somewhat disappointing that we never got to read the final couple chapters in the mystery...

24
1
Anonymous Coward

Re: What unpleasant memories?

>What unpleasant memories?

Not that unpleasant for the hedge funds that bought up a ton of the MTGox claims @ 15% of yen - they've made a considerable stack of millions the past few months. Double the misery for those who lost coin in the initial theft, then sold on their claims of course.

Nonetheless, I can't help thinking much of the crypto schadenfreude here is from those who (repeatedly) missed the chance to pay of their mortgages by risking only a few tens/hundreds/thousands of quids.

4
14
Silver badge

Re: What unpleasant memories?

"Nonetheless, I can't help thinking much of the crypto schadenfreude here is from those who (repeatedly) missed the chance to pay of their mortgages by risking only a few tens/hundreds/thousands of quids."

I indeed missed my chance to buy some Bitcoin before it went up in value, then down, then up, then up, then down, then was stolen.

50
1
Silver badge

Re: What unpleasant memories?

Nonetheless, I can't help thinking much of the crypto schadenfreude here is from those who (repeatedly) missed the chance to pay of their mortgages by risking only a few tens/hundreds/thousands of quids.

Hindsight's a wonderful thing, but you don't gamble with hindsight.

What are the odds that if you had some bitcoins that you'd mined (or bought to buy drugs) in 2010 that you still have them today, as opposed to either losing them or cashing out when it hit $100?

20
0
Anonymous Coward

Re: What unpleasant memories?

"by risking only a few tens/hundreds/thousands of quids". .......

They can only pay off their mortgages when they sell their crypt currency to a bigger mug who thinks it will pay off their mortgage. However they have tasted the kool aid and are convinced they are going to make even more money so probably wont sell till their coins are stolen from them or the inevitable bubble bursts.

It's quite a fragile bubble too. As of today the bitcoin miners (well the big ones that aren't stealing electricity) are likely to be loosing money on every bitcoin they mine. This has happened because the big price increase in December made it worthwhile to invest in more mining hardware. This has now fed through into the "difficulty" needed to mine Bitcoins and they are now twice as difficult to mine as they were back at the start of December. As mining efficiency wont have changed dramatically in this time period it really means double the hardware and so double the electricity bills. If the Bitcoin price had stayed high they would be laughing, but it's back where it was. So the miners can either make a loss hoping to prop up Bitcoin till it recovers or move onto the next big crypto currency and let the bitcoin difficulty fall to a price where its economic again.

23
1
Anonymous Coward

Re: What unpleasant memories?

"as opposed to either losing them or cashing out when it hit $100?"

This! I keep hearing people saying "if only, I had kept/bought into BTC when they were pennies" but the whole point is even if you did, you'd have needed balls of steel to ride your investment all the way up to the point it was worth millions all the while knowing that at any moment it could crash or be stolen.

My own story is I had 3 BTC (got in at about $250) - if did everything perfectly I could have made a tasty $60,000 but in reality I was selling pieces on every doubling (to take some profit) and although I made some pocket money it was a long way from paying off my mortgage!

11
0
Anonymous Coward

Re: What unpleasant memories?

Unless you are a miner* then all the money in Bitcoins is neutral. There will be as many winners as there are losers. The only way to keep the prices rising is to get more people to put money into it and for that to happen then you need to ensure trust in the system but even then there is only a finite amount of Bitcoins and only a finite amount of people. It works similar to a ponzi scheme but doesn't have such a quick end as, unlike a ponzi scheme, it isn't exponential.

The big losers will be the ones holding the Bitcoins when there is a big crash (or they get stolen etc) however making sure you are at the top end of the peak is very difficult, especially now there are traders heavily involved.

*Miners, of course, have their own set of economic considerations to make.

7
0
Silver badge

Re: What unpleasant memories?

just have a local wallet. back it up. back it up again. encrypt and email it to yourself. back it up again.

its less likely to be stolen then.

2
0
Silver badge

Re: What unpleasant memories?

I heard a story tonight of a friend of a friend who remembered they had a handful of bitcoins from the early days when they were worth dollars each, and sold them at December's high.

Lucky boy. I think the "I forgot about them" aspect is the key to the good fortune here.

6
0
Anonymous Coward

Re: What unpleasant memories?

>I indeed missed my chance to buy some Bitcoin before it went up in value, then down, then up, then up, then down, then was stolen.

That's the spirit - only a tech wizard uber geek could keep a wallet secure - and a paltry 1000% profit (at today's price) since the 1BTC latte era is hardly worth the bother.

1
1
Anonymous Coward

Re: What unpleasant memories?

> My own story is I had 3 BTC (got in at about $250) - if did everything perfectly I could have made a tasty $60,000 but in reality I was selling pieces on every doubling (to take some profit) and although I made some pocket money it was a long way from paying off my mortgage!

Thank you for posting a proper first-hand story.

I have no first-hand experience myself. From this point of view, it does look a lot like the various exotic financial instruments that very respectable-looking people buy, sell and discuss every day. When I had it explained to me by an economist, my understanding was that some of those things boil down to a promise to sell a promise to buy a promise not to sell before $X a bond to buy a share at a price $Y except if the price was $Z in which case you could pay $W or feed your cat, or something like that. Funny thing is that the way she explained it, it all made sense for a minute. :-(

6
0
Bronze badge

Re: What unpleasant memories?

"I indeed missed my chance to buy some Bitcoin before it went up in value, then down, then up, then up, then down, then was stolen."

Yet there are some folks out there, who have bought their crypto-thing, are looking at the buy/sell values on the exchanges, and they STILL insist the right thing to do is hold on to them forever. These are people who bought in (big time) to the idea of crypto-currencies at least 18 months ago, maybe more, and got in for peanuts, so the whole up/down between 1,000x and 10,000x their purchase price is almost irrelevant.

When someone can look at the string of numbers on their disk drives and opt for that rather than life-changing quantities of money in the bank, it is an indication of the hypnotic quality of belief and bubbles. Some will (and have) made pleasant fortunes, others will have theoretical fortunes come and go on paper, others (those joining in the last year) are buying in to a risky speculation where the opportunity to make money still exists but the returns are much diminished while the risks remain high.

8
0

Re: What unpleasant memories?

".... back it up again, its less likely to be stolen then."

Except that with multiple copies in multiple places, isn't there is more chance of it being stolen?

6
0

Re: What unpleasant memories?

Is it still possible to convert bitcoin into £/$/€. The smart money isn't touching the stuff, 10K+/coin is too much for the rest of us. So who exactly has the cash to buy your 100 bitcoins? If you can't sell them, they are worthless.

7
0
Anonymous Coward

Re: What unpleasant memories?

So glad you mentioned Ponzi schemes as this is more or less what Bitcoins and similar are.

I cannont understand why virtually (pun intended) no-one sees this.

Yet another scam for the 'Mug Punters' out there.

6
0
Anonymous Coward

Re: What unpleasant memories?

Hence the 'Ponzi Scheme' comment.

You get your money from the next tranche of 'Mug Punters' who have been sold the possibility of huge profits and who are convinced that you selling up is their big chance.

Round and round and round we go, who makes the profits we don't know !!! :)

3
0
Anonymous Coward

Re: What unpleasant memories?

>So who exactly has the cash to buy your 100 bitcoins?

Vast numbers of people at any exchange. Hundreds of established hedge funds will take them if you must have a single buyer and want to shake hands or something. Smaller exchanges limit daily fiat withdrawals - but the likes of Bitfinex do not. 100 bitcoins is a modest trade there - the first discounted taker rate doesn't kick until 10 million USD.

2
0

Re: What unpleasant memories?

Presactly! I seriously considered taking a punt of £10k in Bitcoin when it was £250 a few years ago, i.e. 40 BTC. In today's money that would have been £240,000! Cool, awesome, great, I'd have been rich!!

But the reality is, when it doubled to £500 per BTC (£20,000 in total) not having a crystal ball, I probably would have sold half (20 BTC) to get my original £10k out.

Then when it doubled again to £1,000 per BTC (again worth £20,000) I probably would have sold half (10 BTC) to get another £10k out, realising a 100% return on my original investment.

I suspect I would have repeated this formula of selling half every time it doubled, so by now I'd have extracted £40k profit and still hold £10k in BTC. Don't get me wrong, £40k would have been very nice to have, but it's a far cry from the theoretical and mortgage clearing £240k it could have been.

1
0

Re: What unpleasant memories?

"...missed the chance to pay of their mortgages by risking only a few tens/hundreds/thousands of quids..."

"What are the odds that if you had some bitcoins that you'd mined (or bought to buy drugs) in 2010 that you still have them today, as opposed to either losing them or cashing out when it hit $100?"

I've just heard of a FOAF who has recently done this. He mined 65 BTC back in the day and has just paid off his mortgage with half of it. Of course all that money has come from all those thousands of punters who have bought into tulips- sorry, Bitcoin- over the past few years.

0
0
Silver badge

HSM, anyone?

The private key to remotely accessible wallet was accessed. OK, why is it that these are set up such that the keys are stored outside of a HSM? For the value of digitally-stored objects, one would think that a relatively small investment should be made in better security. PKCS-11 isn't all that difficult.

2
0

Re: HSM, anyone?

Somewhat more sophistication would be needed. The perps would simply access the HSM to make the transfer. They don't really need the private keys directly, just access to the private keys to authorize a transfer.

Another step is needed-- something like a smartcard (or cards) to access the HSM which is used to encrypt the elements of the key store containing the private keys. And that is only effective if the smartcard isn't left enabling the HSM for transactions.... and while one is at it, also compartmentalize the cash so that separate private keys are needed for Piles-O-Cash(r), using different smart cards.

The problem they probably had, and the reason for the 0130AM local attack, is that the wallet private key needs to be accessible for transactions by late night Dark Web transactions, speculation, or even the purchase of a Coke(r). So, maybe you need a operator with an hourly smart card, watching transactions, with a ceiling transaction value before the boss is called in (at 0130) to authorize a Really Big Transaction (or a million little ones). At least then, there is a human in the loop to keep 500 big from being snatched. But wait, when you start small you can't afford an operator dozing all night long, so you just let the system run unattended and pray MtGox was an anomaly.

Of course, the failure could be much simpler. Some dim bulb left the connection open to the vault wallet which should only be accessible during shifts when transactions are being watched. Or the only protection is a passphrase. Or any of a million other failings.

There is a reason that banks make non-repudiation difficult... and most transactions can be reversed for at least a few days.

8
0
Anonymous Coward

Re: HSM, anyone?

Glad this has been explained to a crypto currency luddite.

I always wondered how so much could go missing at one time, and it is apparent it is as obvious (and stupid) as carrying £500m in you own wallet while walking through a Brazilian Favela while wearing Hawaiian holiday shirt and pointing around the most expensive looking camera possible.

Maybe hard forking is an answer, that may need a bit of thinking through as to the logistics I feel, as if there is no central bank type entity then a majority of other transacting stakeholders will need to agree which does not sound straightforward at all.

Inside jobs? possibly. Incompetence? more likely. Naive techie pretending to be a banker? even more likely?

0
0
Holmes

Aaaand It's Gone...

So the virtual currency virtually disappeared...really? Just reboot this farce game to the last save.

12
0
Anonymous Coward

Re: Aaaand It's Gone...

+1 for the South Park reference.

If it wasn't then watch this anyway ... And it's gone

3
0
Anonymous Coward

Cryptocurrency exchange operations

As Woody Allen once said: "Take the Money and Run".

1
0
Silver badge

Re: Cryptocurrency exchange operations

Or as they say in one Eastern European country: "The man took the money and said 'I will have a look at it' (nobody has seen him since)".

0
0
Silver badge

Occam's Razor

O'l Occam tells me they are claiming "Hackers Stole My Homework! (TM)" in a bid to confuse matters, while they try to run away with the loot.

6
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018