Coincheck Inc. users withdrew 40.1 billion yen ($373 million) from the cryptocurrency exchange on Tuesday, the first day customers were allowed to pull out in the wake of the cyber-theft of about $500 million last month.
The target of the biggest theft of digital coins in history on Tuesday began allowing yen withdrawals for the first time, triggering the exodus of money. Chief Operating Officer Yusuke Otsuka is still sticking to promises to compensate users, though he wouldn’t go into the root causes of the heist during a hastily arranged briefing in Tokyo.
The exchange is considering capital alliances and has engaged an external firm to verify its security before resuming full operations, he told reporters. Coincheck earlier submitted a report to Japan’s Financial Services Agency explaining how the hack occurred, what kind of support will be provided to customers and how systems will be bolstered to prevent future hacks.
“We’re of the belief our business will continue. We are moving ahead with such expectations,” Otsuka said late on Tuesday. “We have the necessary funding.”
The FSA will now review Coincheck’s report to decide whether to grant a license to the exchange, which was allowed to operate without one before the theft.
“If we do not receive the license, it would be against the law to continue operations,” Otsuka said.
The $500 million hack, the largest in a run of cryptocurrency heists that stretch back to Tokyo-based Mt. Gox in 2014, has increased calls for stricter oversight of the fast-growing industry. Governments have struggled to regulate Bitcoin and other currencies, with some imposing sweeping bans while others remain permissive. Japan has tried to navigate a middle road by allowing most operations to continue while enacting new regulations in April.
It’s unclear whether Coincheck identified the cyber thieves. Otsuka said details of the attack was among information submitted to the FSA, and that he was not yet allowed to discuss it publicly. South Korea’s spy agency is said to have begun investigating the possibility that North Korean hackers orchestrated the theft.
The exchange is still allowing users to trade Bitcoin, but has frozen all other activity on its platform. While Coincheck has promised to reimburse victims of the hack, it’s neither begun that process nor provided details of its plan. It repeated on Tuesday that it has the funds to do so. Otsuka said he sees a rough timeline for that happening, but didn’t elaborate.
“We now see the schedule for when reimbursements of NEM losses will occur,” Otsuka said. He reiterated Coincheck’s promise from last month to repay victims at 88.549 yen for each stolen coin. Since then NEM prices have tumbled to about 56 yen.
As for other cryptocurrencies such as Ether and Ripple on deposit, Otsuka said withdrawals will be allowed after security checks with the third-party firm it’s engaged, but would likely take place only after reimbursing those whose NEM coins were stolen.
“We’re checking each currency on deposit one by one with a third-party security firm,” Otsuka said. “Once we have confirmed the security, we will resume” withdrawals.