Since their inception, cryptocurrencies and their underlying blockchain technologies have been touted by their promoters as both secure and anonymous. Unfortunately, as a number of recent breaches by hackers into blockchain-based cryptocurrency exchanges have shown, this is not the case.

Blockchain technology, which relies upon a decentralized control system, as opposed to a centralized electronic money or centralized banking system, serves as the heart of cryptocurrencies such as Bitcoin. In a blockchain system, the transaction can be validated and secured without the presence of trusted intermediary parties, with the security due to the fact the blockchains are designed to be inherently resistant to modification of data.

However, there have been some glaring examples of blockchain breaches by hackers, resulting in the theft of millions of dollars of bitcoin and other cryptocurrencies. Most recently, in January 2018, in the single largest incident to date, hackers stole over US$530 million of the XEM token belonging to 260,000 customers from Coincheck, a Japanese cryptocurrency exchange and wallet service.

Key to the relative ease that the hackers breached Coincheck’s defenses was that the XEM tokens were stored in hot wallets directly connected to external networks. Meanwhile, cryptocurrencies such as Bitcoin perceived by Coincheck as being more valuable were stored in cold wallets, which are typically removable media such as USB drives or other external hard drives and are securely stored offsite.

The Coincheck attack participated a shake-up within the Japanese crypto sector. The Japanese Financial Services Agency (FSA), which had begun regulating and licensing cryptocurrency-related business in 2017, launched onsite inspections of the country’s 15 unlicensed cryptocurrency exchanges. The FSA has handed out business improvement notices to Coincheck and six other crypto firms and issued temporary cease trade orders to two more. Coincheck which had begun business 2014 and operated on an unlicensed basis, has since said it will apply for licensing under the FSA.  The exchange is currently the target of two class-action suits by cryptocurrency traders who lost tokens in the attack.

For more information, please call Barbara Hendrickson at BAX Securities Law (416) 601 -1004.

This publication is not intended to constitute legal advice. No one should act on it or refrain from acting on it without consulting with a lawyer. BAX does not warrant or guarantee the accuracy or currency or completeness of the publication. No part of this publication may be reproduced without the prior written permission of BAX Securities Law.