Japan’s financial regulator said on Friday that it has begun on-site inspections of cryptocurrency exchanges following the hack of Coincheck last month.

After the late-January theft, the Financial Services Agency (FSA) requested cryptocurrency exchange operators in Japan, both licensed and those awaiting approval, to report to the authority on how they manage risks to protect customer assets.

The FSA searched Coincheck’s offices last week after slapping the company with an administrative order. Officials have suggested Coincheck lacked proper security measures, making itself vulnerable to theft.

“We have started on-site inspections on multiple operators to examine their internal management systems, including system risk management,” Financial Services Minister Taro Aso told reporters after a Cabinet meeting.

The FSA said the inspections will be expanded to all cryptocurrency exchanges in the country over the next few months, according to Japan Today. Japan has 16 licensed cryptocurrency exchanges and another 16 exchanges awaiting approval.

Hackers stole US$530 million worth of NEM cryptocurrency (XEM) from Coincheck in late-January, surpassing the US$480 million in cryptocurrency stolen in 2014 from MtGox.

Coincheck said it would reimburse customers who lost money and the NEM.io Foundation, the Singapore organization representing the peer-to-peer NEM blockchain platform, said it has developed an automated tagging system to trace the stolen funds with the objective of identifying wallets holding stolen funds.

Local authorities are currently investigating the theft in cooperation with foreign authorities but Japan’s media have already reported that hackers may have accessed the platform from abroad.

The Yomiuri Shimbun cited unnamed police sources as saying Coincheck was illegally accessed through servers in the US, Germany and the Netherlands in the days before it was hit.

The Asahi Shimbun daily reported that some of the stolen cryptocurrency were transferred to nine cryptocurrency exchanges in such locations as the US, the Czech Republic, and New Zealand in an exchange called Cryptopia.

An analysis of transactions records found that the hacker had stored the stolen NEM cryptocurrency in 45 different accounts as of early February 8.

Reuters reported earlier this week that according to South Korea’s intelligence agency, North Korean hackers could have been behind the thief.