Coincheck Hackers May Have Successfully Laundered all their Stolen NEM Coins

According to recent reports, the hackers responsible for the January 2018 NEM heist from the Coincheck cryptocurrency exchange platform may have successfully laundered all their stolen NEM coins (XEM).

Laundering the Loot

In March 2018, BTCManager reported that the Coincheck hackers were laundering their loot on dark web cryptocurrency exchange platforms.

At the time of the report, it was believed that the hackers had been able to convert half of the stolen XEM successfully. The Coincheck heist, which resulted in the theft of over $500 million worth of NEM coins, is considered to be the worst cryptocurrency hack in the history of the market.

The hackers allegedly set up an anonymous cryptocurrency exchange platform on the dark web in the aftermath of the heist. They used this platform to exchange their stolen NEM coins for other cryptocurrencies. The system only accepted payments in bitcoin and litecoin, with the coins being sold at a 15 percent discount to interested buyers.

The system was also designed to be automated, and it attracted many buyers looking to cash in on the premium.

The dark web exchange platform is reported to have appeared about a fortnight after the hack. The platform seemed to have been designed to provide adequate customer service features to buyers. There were even features that allowed support tickets to be raised if a buyer was experiencing any technical difficulty with regards to the purchase of the stolen NEM.

These queries were answered within 48 to 72 hours. Based on a review of some of the responses, it is apparent that the hackers weren’t native English speakers.

Circumventing the NEM Foundation Tracking Activities

After the heist, concerted efforts were made to recover the stolen funds. The NEM Foundation, a Singapore-based non-profit began tracking the stolen coins in a bid to tag any address linked to the theft.

It appears, however, that the hackers were steps ahead of the foundation’s mosaic tracking protocol. By accepting payments in bitcoin and litecoin, the tracker was unable to follow a large number of transactions.

According to reports, the tracking system required about two to three minutes to tag each NEM address. This delay meant that all the hackers had to do to get around this was to move the funds repeatedly among several accounts to throw off the mosaic tracker.

The Aftermath of the Hack

By March 21, 2018, the NEM Foundation issued a public announcement that it was disabling the mosaic tracker, a clear indication that it had failed to track the stolen NEM coins. The value of NEM tokens has taken a nosedive since the hack, falling by about 75 percent from $1 to around $0.25.

There have been calls for the NEM Foundation to implement a hard fork but they have so far pointedly refused to do so. This is based on their position that the hack had nothing to do with the NEM blockchain but with the vulnerabilities in the Coincheck security system.