Coincheck NEM 580 億円 outflow incident detailed analysis (2018-01)
On this page
Wiki route
This entry sits under exchanges index. Read it against DMM Bitcoin outflow incident detailed analysis(2024-05)— 4,502.9 BTC attributed to Lazarus for peer / contrast context and FSA crypto-asset exchange registration system — number system / Local Finance Bureau jurisdiction / registration requirements for the broader system / regulatory boundary.
1. Incident overview
In the early hours of 2018-01-26, approximately 5.2 億 XEM (worth about 580 億円 at the time) flowed out of Coincheck’s NEM (XEM) hot wallet to external addresses. At the time this was the largest crypto-asset theft in history, drawing international attention as an amount exceeding Mt.Gox (2014). Although the mosaic-tag tracking developed by the NEM Foundation made the flow of the leaked funds traceable in real time, it could not fully prevent cash-out via dark-web DEXes, and an estimated 60% worth is said to have been laundered into other currencies.
2. Technical cause
- Hot-wallet 100% operation: at the time of the outflow the offline (cold) custody ratio for XEM was 0%. All assets were always in an online state
- Multisig not implemented: XEM already supported multisig at the time, but Coincheck ran single-signature operation, citing implementation cost
- Weakness in private-key management: single-key hot-wallet configuration + undocumented key-management process
- Intrusion path: malware infection via a spear-phishing email to a business PC (later attributed, in a National Police Agency investigation, presumptively to North Korea’s Lazarus / APT38)
3. Compensation scheme
- 2018-01-28 (2 days after the outflow): officially announced full JPY compensation to 26 万 customers + worth about 580 億円
- 2018-03-12: compensation completed (1 XEM = 88.549 円 conversion)
- Funded from Coincheck’s own capital (the independent period before becoming a Monex subsidiary)
- Voluntary compensation at a stage where the legal repayment obligation had not been established was highly unusual globally — a rare case of continuing business without bankruptcy
4. Regulatory reflection
- 2018-03FSA conducted simultaneous on-site inspections of 16 社 domestic VASPs + issued a business-improvement order to Coincheck
- 2018-04JVCEA established (the self-regulatory body was launched)
- 2018-04Monex Group made Coincheck a wholly owned subsidiary (36 億円)
- 2020-05the amended FIEA + supervisory guidelines institutionalized the segregated-management obligation of hot wallet 5% / cold wallet 95%
5. International comparison
Compared with the later Mt.Gox (2014 outflow · repayment still continuing in 2026 after 12 years had passed) and FTX International (2022 · partial repayment as of the point 3 years had passed), Coincheck completed full JPY compensation in 50 days. As a voluntary response outside the framework of system design, it ultimately became a proof-of-concept case for domestic regulation (95% cold-wallet obligation + JVCEA).
Cross-links
- jp-exchange-coincheck
- jp-vasp-incident-history
- jp-vasp-cold-storage-segregation-rules
- fsa-business-improvement-orders-history
- jvcea-self-regulatory-overview
- jp-vasp-ma-consolidation-history (Monex subsidiarization)
- mtgox-bankruptcy-processing-timeline
- ftx-japan-100pct-return-case-study
- forensic identity anchor chain
- bytecode forensic 3-tier verify
- Bybit Lazarus Hack Detailed Analysis
来源: 公開情報整理 (Coincheck/マネックスグループ IR 開示、FSA 業務改善命令・記者会見、警察庁 NEM 流出事案関連発表、Chainalysis/Elliptic 公開トレース、Lazarus グループ追跡レポート)
Discovery
Keep reading
Read next
- Cross-chain bridges and CEX deposit/withdrawal routes — Wormhole / LayerZero / Axelar / Hyperlane / CCIP comparison This entry sits under exchanges index. Read it against グローバル CEX top 10 ランキング比較 (2025-2026) for peer / contrast context and FSA 暗号資産交換業登録制度 — 番号体系・財務局管轄・登録要件 for the broader system / regulat... exchanges/cross-chain-bridge-cex-deposit-withdrawal
- Crypto-asset custody provider landscape matrix — Japan + Global institutional custody 10 社 technology / regulation / customer comparison The institutional crypto-asset custody market is differentiated along three axes: (1) technology model (cold storage / MPC / hybrid) × (2) license tier (Trust Charter / VASP / vendor only) ×... exchanges/crypto-custody-provider-landscape-matrix
- Jito — Solana liquid staking + MEV redistribution protocol overview This entry sits under exchanges index. Read it against Solana エコシステム DEX 群比較 for the Solana ecosystem context, Raydium / Orca for adjacent DEX peer context, and AMM 設計進化系譜 for the broader sy... exchanges/dex-jito-solana
Links here
- Bybit Lazarus $14.6 億 hack detailed analysis (2025-02) — largest crypto-asset outflow in history This entry sits under exchanges index. Read it against DMM Bitcoin 流出事件 詳細分析 (2024-05) — Lazarus 帰属 4,502.9 BTC for peer / contrast context and FSA 暗号資産交換業登録制度 — 番号体系・財務局管轄・登録要件 for the broa... exchanges/bybit-lazarus-hack-detailed-analysis
- CEX matching engine + cold/hot wallet internal architecture This entry sits under exchanges index. Read it against 国内 VASP コールド保管 95% + 分別管理制度 for peer / contrast context and FSA 暗号資産交換業登録制度 — 番号体系・財務局管轄・登録要件 for the broader system / regulatory bound... exchanges/cex-matching-engine-wallet-architecture
- Upbit(업비트)/ Dunamu — overview of Korea's overwhelming spot-market leader This entry sits under exchanges index. Read it against 韓国 5 大 CEX 制度比較 for the Korea peer / regulatory context, Bithumb for the closest peer comparison(#2),and global CEX top 10 comparison f... exchanges/cex-upbit-korea
- WazirX — India CEX / 2024-07 Liminal hack ~$235M loss overview This entry sits under exchanges index. Read it against CoinDCX for the closest India peer / contrast context, Bybit Lazarus hack for parallel North Korean attribution pattern, and グローバル CEX... exchanges/cex-wazirx-india
- DMM Bitcoin outflow incident detailed analysis(2024-05)— 4,502.9 BTC attributed to Lazarus This entry sits under exchanges index. Read it against Coincheck NEM 580 億円流出事件 詳細分析 (2018-01) for peer / contrast context and FSA 暗号資産交換業登録制度 — 番号体系・財務局管轄・登録要件 for the broader system / regu... exchanges/dmm-bitcoin-lazarus-hack-detailed-analysis