As everyone is well aware of by now with the mainstream media blast of a "cryptocurrency hack",  an exchange called Coincheck claims to have lost $530 million worth of the cryptocurrency NEM.

Coincheck is an online exchange that deals with virtual currencies like bitcoin, ether, and obviously ... NEM.

Let's bring out the flowchart (4 years running).
Coincheck has already stated that this "was not" an inside job, which is typically what everybody says on day one. Down the road it generally comes out that there was indeed some sort of inside job. Which, if you think about it, is almost better than the alternative which is that the security sucked so badly that hackers were able to waltz in and ripoff 500 million NEM coins.

Normally, we would walk through these steps, but ...
[warning title="Editors Note"]This is not an accusation, this is merely a presentation of the facts and all parties are considered innocent until proven otherwise[/warning]

Something Doesn't Add Up

Do any of these facts sound a bit off? The facts just don't add up, neither does the math. Let's start with the obvious and go down the list here.

1. What on earth was Coincheck doing with $530 million worth of anything in a hotwallet? 

This is about the dumbest thing on earth an exchange could possibly do. How is this even possible? There is not a 500 million coin transference demand for NEM (XEM) and furthermore exchange trades are representational based on custodial asset holdings, actual coin transaction don't occur on blockchains when trades are made. They keep enough hotwallet asset for average transference, not $530 million worth.

This makes absolutely no sense at all. There's no reason for it. There's no reason to risk it. This should not be like this and doesn't offer a single benefit to Coincheck.

2. What Exchange in this industry doesn't have 2FA? 

Coincheck admits they had not implemented two factor authentication. Coincheck resides in JAPAN. 

The same JAPAN of Mt. Gox Japan!! 

This Japanese company, in the wake of Mt. Gox, fired up it's operations and didn't bother to implement two factor authentication? 

Are these guy serious? This makes even less sense than the hot wallet. Seriously, go try and find another Exchange on earth that doesn't have some form of two factor authentication implemented.

This make beyond less than no sense when you consider the Coincheck has other services with this very feature meaning they have the source code and technical ability to do so.

That makes as much sense as walking uphill in the snow (both ways) to work or school during a blizzard without a coat when you have a limo and driver outside with the car warmed up and hot chocolate waiting for you.

3. What thief targets NEM?

Nothing against NEM, I own many coins of NEM, but let's be honest here. This is a new and barely known coin worth all of about $1. At it's peak a little over $2. It's not widely traded and limited to a handful of exchanges, so very hard to cash out even 500, much less 500 million.

Somebody with the mental capacity to orchestrate a 530 million dollar cyber-heist against the self proclaimed "largest exchange in Japan", doesn't have the brain cells to rub together hard enough to realize it'll be almost impossible to do anything at all with the coins?

Further more its a new and weak network so there's nothing stopping developers from rolling back the clock as they did with the Ethereum fiasco. (although note the NEM team has stated this won't happen and instead marked the coins).

If you manage to crack in to this exchange, then why not take something with value that can be actually realized?

4. How in the hell does Coincheck have 500 million to pay people back?

Coincheck announced the hacked coins will not affect its users and they will pay people back from their own pocket. This indicates that Coincheck has $530 million dollars to accomplish this, they vouched  ¥46.3 billion to compensate what was equates to ¥88.549 per NEM coin and $426 million USD.

Coincheck takes in 0.05 to 0.15% in fees per transaction on their exchange. Let's give them the benefit of the doubt here and give them 0.015% per transaction on everything.

Coincheck also has revenue from their BitPay style service. So let's say they do BitPay's volume of $1 billion USD and let's give them 1% of that annually.

We'll give them 3.5 years of operation for Payments (September 2014 to February 1st 2018) and 3.25 years of operation for Exchange fees (November 2014 to Feburay 1st, 2918).

We'll also give the full volume for the entire period.

Here's the math:

At 1% of payments processing of 1 billion they would rake in about $833,333 or about $10 million USD per month. That would equate to $31.5 million all time:

[code type="Math"]payments = ((83333333.33 * 0.01) * 12) * 3.5 exchange = ((160000000 * 0.015) * 12) * 3.25[/code]

According to estimates floating around, they conduct around $160 million in volume per month on their exchange which would equate to about $93.6 million annually. Here's the total for both the payments income and exchange revenue:

[code type="Math Result"] payment = 34999999.9986 exchange = 93600000.00 [/code]

See the following table for how that breaks down in detail.

Income Rate Volume Mo Yr Yrs Total Total
Payments 1% $83,333,333.33 $833,333.33 $10,000,000 3.5 $31,500,000 ¥3,461,188,500
Exchange 0.15% $160,000,000 $2,400,000 $28,800,000 3.25 $93,600,000 ¥10,284,674,400

The greatest mathematician of all time, I am not, but it appears to me as if that comes to about ¥13,745,862,900 ($125,100,000 USD).

They need ¥46.3 billion. How do they have ¥46.3 billion if they've made all of ¥13.75 billion in their entire existence??

Does Yen magically quadruple in value in Japan?
Perhaps hosting providers, employees, and other service providers actually pay them for the luxury of allow them to serve Coincheck?
Perhaps they invested 2.7 billion in bitcoin on day 1?

4. Who the hell is Coincheck anyway?

Allot of people have "heard" of Coincheck, but really haven't heard much about them in a while.

There hasn't been much heard about or seen from Coincheck since they opened their doors in very late 2014.

They were supportive of the DAO in 2016 before its implosive demise, but other than a couple notes, there hasn't been much of anything heard about them.

They say are the largest exchange in Japan and in all of Asia. (this is what they claim). Last week BitFlyer made headlines with its regulatory news and also claims to be the largest exchange in Japan.

6. Where the hell is the backlash?

500 million NEM coins were stolen and yet there's only 40 posts on their Reddit concerned about this? There seems to be more interest in a "cryptocurrency exchange being hacked" than the victims of these 500 million coins lost. 

Questions in General

How does a company pulling in $38.8 million annually have $500 million in operating capital?

How does a company with $530 million USD not have decent security?

How does a company with $530 million USD not have 2FA implemented when they have it implemented for other service offerings?

How does any company even survive in a country where Mt. Gox imploded from "supposed" bad security with even worse security?

None of this makes any sense.

We took a look at the Wikipedia pages in support of the exchange when fact-finding on their volume numbers..

Authors seem confused on all of the facts in general about Coincheck. They started in 2012, but then started in 2014, and had $46 million in transaction volume up until August of 2016 when suddenly they had $160 million.

In the above Wiki history they were founded in 2012, but then on the same page, states they were actually founded in 2015. 

Which is it, 2012 or 2015?

Apparently neither, as of September 2017 (see below) they managed to go back in time and founded themselves in 2014 and explain the 2012 away with ResuPress, Inc. being founded in 2012. They state they were founded in August of 2014 and we reported their opening in November 2014 which is an amazing 90 days that they built an entire operating exchange. 

No wonder why they had piss-poor security. However, in 3 years they never got around to updating it when by some miracle they've managed to accumulate $530 million which is laying around for them to easily pay for the lost NEM coins? 

We were rather generous in giving them their full $160,000,000 in transaction volume to conclude the above numbers in revenue, but according to announcements by the organization, as of February 2016, they only had $28 million in monthly volume (see below). Thus, they didn't even earn what we gave them as an operating revenue.

Of course, by some miracle by August 2016 they went from $28 million to $160 million. Now there's some amazing growth. They also went from 1300 hundred merchants to 2200 merchants.

What Does This All Mean?

This all points to the entire truth not being told and Coincheck being less than forthcoming in regards to the hack. It's also possible this entire thing is just a marketing stunt. They've either misreported the facts, or engaged in some sort of cover up engineered to buy them some more time to explain this away. 

Regardless, we do not believe the facts are being reported accurately by Coincheck.

They've also had some credibility concerns in the past according to one Reddit user.

It could be an inside job. It's always an inside job, and there's no reason for anyone to believe that in this case it wasn't, in part, or completely an issue that started internally. Even i they cannot tie this directly to an internal resource, the simply fact they didn't have proper security, a fact that is simply hard to fathom, is negligence enough.

They don't have the money. There's simply no way that Coincheck has the money to pay everyone back as promised unless they have managed to materialize some 32.6 billion Yen out of thin air.

Possible marketing stunt? The only other possible explanation is a marketing stunt designed to get the exchange into the mainstream media where it was previously non-existent in the wake of competitors such as BitFlyer who have dominated headlines regarding the area of operation. 

They certainly have the motive and had the ability to concoct such a story and make it believable. If they themselves took control of the NEM, paying it back to its users out of this supposed "operating capital" to make themselves look like the hero is certainly something that would have gone over well for them.

We cannot say which of these it is, but certainly doubt the story, as currently being told, is the whole truth.

Japan’s Financial Services Agency apparently doesn't think so either. They raided Coincheck’s offices yesterday looking for answers and confiscated documents and computers as evidence.

There's certainly more to this ... 

[accordion] [item title="Author and Credits"] Article by dinbits
Image Credits: Banner Image by staff
[/item] [item title="Disclaimer"]The opinions expressed by authors of articles linked, referenced, or published on do not necessarily express, nor are endorsed by, the opinions the of or its affiliates. Please review the Terms of Use for more information.[/item] [/accordion]

Post a Comment

Powered by Blogger.