26th January 2018
"The easiest way to buy and sell Bitcoin and cryptocurrency"
Coincheck, a Japanese cryptocurrency exchange, was proud of this website tagline. Unfortunately, that ease of access is now associated with a reported £380m "CryptoCoin" theft.
The CryptoCoin in question was NEM tokens, the 10th-largest cryptocurrency by market value, which dropped over 10% after the theft was announced. Bitcoin also dropped by more than 3%.
The size of the theft is comparable with the 850,000 Bitcoins stolen from Mt Gox, a Japanese exchange, in 2014. Those Bitcoins were valued at $450m, although it is believed that at least 200,000 of those Bitcoins have been recovered. Mt Gox was forced to close and entered bankruptcy.
Cryptocurrencies are reliant on the secure management of encryption keys, which are at particular risk if visible from the internet (known as "Hot Keys"). New methods of storing "Cold Keys", which are not accessible from the internet, are rapidly appearing. These range from USB sticks held in military-grade bunkers, to keys printed on military-style dog tags or even tattooed onto the owner!
As with any banking system, there is always the risk of internal and external fraud being attempted, including the potential for fake transactions to be created through unauthorised access to the banking systems. Each cryptocurrency has to develop its own controls to guard against such attacks.
The theft will inevitably call the regulation of cryptocurrencies into question, as it varies considerably across platforms and jurisdictions.
Data GRC provides practitioner services to help organisations mitigate their data protection and information security risks. We help to develop appropriate management, physical, technical and operational controls.
We also work with a number of industry standards including Cyber Essentials, ISO 27001, ISO 27002, NIST and PCI DSS, to help clients achieve recognised levels of control.