Hackers behind ‘biggest in history’ $530mn crypto heist attempt to sell stolen coins
Jeff McDonald, vice president of the NEM Foundation, the creators of the XEM cryptocurrency, told Reuters Tuesday they had traced the stolen coins to an unidentified account. Activity showed that the account owner had begun trying to move the coins onto six exchanges where they could then sell it.
“[The hackers are] trying to spend them on multiple exchanges. We are contacting those exchanges,” McDonald said. NEM Foundation spokeswoman Alexandra Tinsman added the hackers had also started sending out “XEM” coins to random accounts in 100 XEM batches, worth about $83 each.
McDonald said its likely the hackers will exchange the coins into another cryptocurrency before transferring the coins back into a traditional currency, making the funds near impossible to trace.
While the NEM vice-president concedes the hackers will get away with some of the stolen funds, he doesn’t believe they will get to spend anything close to all of the hacked cryptocurrency, saying the “market simply couldn’t absorb that much.”
Japanese cryptocurrency exchange platform Coincheck suspended trading and withdrawals Friday after it confirmed that unknown hackers stole some 500 million NEM tokens – worth up to ¥58 billion or around $532 million at the time of the incident.
As the news broke, the token price plunged more than 15 percent from the day’s high of around $1.02, down to $0.85. As of 1900 GMT, Tuesday, XEM was trading at around $0.79 per coin, according to trade website Coinmarketcap with a total market value of around $7.1 billion. XEM is the world’s 10th biggest cryptocurrency.
Coincheck was widely criticized for keeping 100 percent of NEM tokens in a “hot” (online) wallet and apologised to customers. It has committed to paying out over $425 million to help meet the losses of 260,000 customers.
NEM Foundation president Lon Wong blamed Coincheck’s careless security policy for the heist, suggesting the exchange’s refusal to implement NEM’s multi-signature smart contract was likely the vulnerability the hackers seized on. Japan’s Financial Services Agency (FSA) ordered improvements to operations at Coincheck Monday.