Lessons from History's Largest Crypto Hack: Exclusive Interview with Coincheck's President

By Emily Parker

Last year, the Japanese exchange Coincheck suffered the largest hack in cryptocurrency history. The incident deeply spooked Japanese authorities, sending a regulatory chill over a country that once looked like a Bitcoin capital. For a long time, Japan had no new exchange licenses or coin listings. 

Then in early 2019, a year after the Coincheck hack, one Japanese exchange finally got a license to operate. That exchange was hacking victim Coincheck, which is now one of the largest in Japan. 

In this exclusive interview, Coincheck President Toshihiko Katsuya talked to LongHash about the hack, its lingering effects, and Coincheck's remarkable comeback. 

"Coincheck, with over $500 million stolen, was the biggest hack since Mt. Gox," Katsuya said. "We still don't know who the hackers were. I think people were astonished by the amount."


"Last year, because of the hack, regulations tightened. The progress of the fintech industry lagged, probably because of that. But I think it can't be helped."

Japan's crypto world looks very different than it did two years ago, in large part because of Coincheck. Japan was once widely seen as a crypto-friendly nation. In 2017 it declared Bitcoin to be a legal form of payment and granted licenses to 16 cryptocurrency exchanges. 

When Coincheck was hacked it did not have a license, but was operating on provisional basis. Katsuya says this was in part because Coincheck offered some privacy coins, which the Japan Financial Services Agency (JFSA) had some concerns about.

Then came the crypto boom. "Coincheck made a huge profit in 2017, and then was hacked on January 26, 2018. Coincheck management tried to do their best in late 2017, but the boom came so suddenly they were not able to prepare a cold wallet for NEM," Katsuya said. (NEM was the virtual currency that was stolen from Coincheck). "Coincheck returned almost all the money to customers, because NEM was not so liquid.”


The hack highlighted a larger vulnerability in the crypto economy. Cryptocurrency is supposed to be decentralized. One of the great advantages of the Bitcoin blockchain, for example, is that it is distributed throughout the world, meaning that there is no central point to hack into. But this is not necessarily true of cryptocurrency exchanges. 

"Crypto exchanges function like a kind of bank," Katsuya said. "Crypto exchanges hold everything: customer information, customer fiat money, and customer crypto. So, we need to be very careful to safeguard these things."

"After the hack, people realized crypto exchanges are custodians of crypto as well as fiat. They need to be more careful about that. JFSA had to order the strengthening of internal controls."

In April of 2018, Coincheck was acquired by the online brokerage Monex. At the time of the hack, Katusya was the COO of Monex Group, in charge of overseas operations. The JFSA gave Coincheck a business improvement order after the hack, telling Monex to change the exchange's governance. 

So in April Katsuya started running Coincheck, as president. (Coincheck had no CEO after the Monex acquisition). Coincheck had to prove to regulators, and the public, that it could be trusted. 


"We tried to persuade the JFSA that we can improve on cyber security, internal control and money laundering.”

But the pressure wasn't only on Coincheck. All Japanese exchanges were subject to harsher regulatory scrutiny. "Before the hack, as long as crypto exchange activity was not prohibited by a specific law, it was OK," Katsuya said. "But after the regulatory framework changed last year, crypto exchanges need to make sure their activity complies with self-regulatory rules." Rules were determined by Japan Virtual Currency Exchange Association (JVCEA), a self-regulatory organization among crypto exchanges.

After the hack, new coins needed to get approval from JVCEA. Over 18 months later, no new coins had been approved. 

"The crypto exchanges under a business improvement order cannot list new coins," Katsuya explained. "Most crypto exchanges were ordered to improve in June of last year. I think the JFSA realized they needed to look into the safety and soundness of coins more carefully. They asked JVCEA to examine the appropriateness of coins. Because of that, JVCEA set up a checklist for new coins."

Coincheck had to submit a monthly progress report on their business improvement plan, ultimately convincing regulators that they had sufficiently improved. "Finally, the JFSA said that we don't need to report. In January of 2019, they gave us a formal registration."

For better or worse, the hack made it a lot harder to operate a cryptocurrency exchange in Japan. Because of new requirements for security, anti-money laundering and countering financing for terrorists, the costs of compliance have risen. “I don't think most of the crypto exchanges can keep up," Katsuya said.

The hack also had a dampening effect on the public's attitude toward crypto. "Most media, especially television broadcasters, were reluctant to have commercials for crypto after the hack," Katsuya said. "Since the Coincheck hack, the activity of individual Japanese traders went down by a lot." He said Bitcoin prices are now largely determined by institutional investors, mostly in the Western world.

The Japanese crypto market is finally starting to come back. "Individual traders came back this year. In terms of trading volume, it came back to the same level as one year before. Last month, the trading level has returned to [that of] July last year."

Kastuya said that Coincheck is probably Japan's second largest exchange by trade volume, but still has to work to win over public trust. "There are still a number of people who are against Coincheck. Before getting the registration, we tried to keep our existence low profile, after getting the approval, after April this year the market sentiment has changed, then we gradually increased marketing."

Coincheck stopped accepting foreign applicants after the hack, so most of its customers are Japanese. According to Katsuya there are 2.5 million people that have downloaded the app, with 1.9 million registered users. The actual number of accounts is 900,000, with active users making up probably half of that. "Our main customers are males in their 20s and 30s, very similar to FX traders, they love the volatility." 

All over the world, governments are trying to find a way to regulate crypto without stifling innovation. Crypto also moves at a lightning-fast pace, which poses a particular challenge for Japan. 

"In Japan, most things are determined by bureaucrats. They are bureaucrats from start to end. Most of the regulations are determined by bureaucrats, who do not have experience doing business, even though they are very smart. In the crypto world, the technology changes so quickly, it's very tough for bureaucrats to act in a timely manner."

Still, Katsuya believes that regulations are being properly determined. Without consumer protection, the industry will not grow. Besides, Coincheck can't really complain. 

"We were severely hacked. I don't think we are in a position to say: the regulation is so tough."

Subscribe to our weekly newsletter

We use data to help you understand the latest developments in crypto and blockchain.