Tokyo police arrested two men on Wednesday who knowingly purchased stolen NEM (XEM) from the 2018 Coincheck hack on the dark web.

Takayoshi Doi, a doctor from Hokkaido, and Masaki Kitamoto, an executive from Osaka, were arrested after authorities tracking transfers of the stolen XEM contacted them to find out how they had acquired the cryptocurrency.

According to investigators, Doi and Kitamoto were aware that the XEM they had in their possession was part of the US$534 million [AU$851 million] worth of NEM stolen in the 2018 hack of the Coincheck crypto exchange.

Pocketing millions in ill-gotten XEM

Kitamoto had already admitted his guilt and pocketed around $19 million worth of stolen tokens. The XEMs that they bought were sold at a very low price on the dark web.

Tokyo police traced the trail of the fund transfers and got in touch with those who were suspected to have received some of the stolen XEM. Blockchain tracking tools might have also been used to track them down.

Prosecutors also said that they used over 100 investigators from their manpower in order to hunt down those who were involved in the Coincheck hack.

What happened in the Coincheck hack of 2018?

At the end of January 2018, Coincheck reported losing around $530 million worth of XEMs from hackers who stole from their network.

This prompted Coincheck to immediately inform 260,000 of their affected users about the security breach against its trading platform. Coincheck also promised to repay lost XEM from users at a value pegged at ¥88.549 (JPY) per XEM.

Shortly after, blockchain analysts and observers noticed that the XEM stolen from the network are being illicitly transferred. In March 2018, they recorded that a little over 40% of the stolen tokens from Coincheck had already been illegally processed.

The tokens that were stolen from the breach were exchanged for Bitcoin (BTC) and Litecoin (LTC) before they were transferred to more than 13,000 wallets.

A Nikkei report also revealed that almost all of the stolen XEM are being laundered through deep web channels. Those who sold XEM through these channels priced them at a very low rate in spot markets.

What many were unsure of is whether the hackers have been able to withdraw all of the stolen XEM. This is most probably because many crypto-exchange platforms heightened their security and monitoring measures following the aftermath of the hacking.

The latest post-hack updates

By March 2018, the NEM Foundation disabled the mosaic trackers of the stolen XEM because it proved to be ineffective after the hackers exchanged them for BTC and LTC.

Those who sold the stolen NEM even went as far as establishing a ticket system and only recognized BTC and LTC as their medium of exchange.

At present, the primary perpetrators of the hack might still be at large. But currently, Tokyo investigators seem to be looking on catching first those who purchased the stolen tokens.

In most countries, buying stolen goods for later reselling on a profitable margin is considered “fencing,” which is also a criminal act.