Some of the stolen cryptocurrency from digital currency exchange operator Coincheck Inc. is likely to have been converted into other digital currencies in a possible attempt at moneylaundering, according to analysis by data security experts.
Of the 58 billion yen ($533 million) worth of NEM cryptocurrency stolen last month from Coincheck, more than 500 million yen worth of the currency is likely to have been converted into bitcoin and other virtual currencies, the experts said.
The conversion is believed to have been conducted through a site on the hidden dark web, which requires specific software to access, they said.
Following the massive theft of the digital money on Jan. 26, the data security specialists have found an account believed to be used by a perpetrator of the heist for trading the stolen NEM through the dark web.
Their analysis of money transfers from the account showed that the NEM cryptocurrency worth more than 500 million yen was withdrawn on more than 200 occasions between early Thursday and Friday evening, based on the exchange rate at the time of the hacking of Coincheck.
Based on the current exchange rate, the converted currency is worth over 300 million yen, they said.
NEM.io Foundation, a Singapore-based NEM promotion group, has tagged the stolen NEM to make it easier to track.
But "the tracking speed by the foundation is too slow" to prevent the perpetrator's conversion, said Takayuki Sugiura, representative of L Plus, a Tokyo-based information and technology consulting firm. "Urgent steps have to be taken."
Investigative sources said a site was set up on the highly anonymous dark web by Wednesday and the Metropolitan Police Department is monitoring the site for any transfer of the NEM cryptocurrency from suspicious accounts.
Some 260,000 holders of the NEM currency have fallen victim to the security breach targeting Coincheck's NEM coffers. Since the heist, Coincheck has suspended most of its services.
The company said Friday it will resume services to allow the withdrawal of yen from next Tuesday. But it remains unclear when the company's account holders will become able to withdraw or trade their cryptocurrencies other than the NEM deposited at the company.
In Japan, there are 16 registered exchanges and another 16 exchanges awaiting approval, the latter including Coincheck, according to the Financial Services Agency. Exchange operators are required to register under the revised funds settlement law which took effect last April.
The financial watchdog has begun on-site inspections of multiple digital currency exchanges to check their risk management systems following the security breach at Coincheck, Financial Services Minister Taro Aso told reporters Friday.
All exchange operators in Japan were due to report to the FSA by Feb. 2 on how they manage risks to protect customer assets.
Aso said the agency decided to inspect the operators after looking into their reports.
While the minister declined to reveal the names of the currency exchanges that were inspected recently, a source with knowledge of the matter said they are GMO Coin Inc. in Tokyo and Tech Bureau Corp. in Osaka.
To strengthen oversight, the FSA is expected to expand inspections to all cryptocurrency exchanges in the country over the next few months, according to a source familiar with the plan.
The heist has prompted debate about whether and how to regulate such digital currencies, which have gained popularity globally.
The FSA has dispatched inspectors to Coincheck to see if they have proper risk management systems in place and the financial strength to reimburse holders, as promised, of the NEM currency to the tune of 46 billion yen.
The Japanese financial watchdog has issued a business improvement order to Coincheck, which has until Feb. 13 to report back with steps to prevent a recurrence.