Coincheck Inc., the Tokyo-based operator at the heart of a massive digital money theft, said Thursday it will start reimbursing its customers possibly next week and blamed a computer virus infection for the cryptocurrency loss.
The exchange also said it will resume part of its business. Following the theft of 58 billion yen (about $543 million) worth of digital money in January, Coincheck has promised to compensate some 260,000 holders of the stolen cryptocurrency NEM to the tune of 46 billion yen.
The announcement came the same day Japan's financial watchdog took administrative action against seven digital currency exchanges across the country, ordering two of them to suspend business in the first such penalty against cryptocurrency exchanges.
For the second time, the Financial Services Agency slapped a business improvement order on Coincheck. It judged that risk management and consumer protection at Coincheck were insufficient.
Following the latest order, Coincheck CEO Koichiro Wada apologized again at a press conference. "We will make all out efforts to respond sincerely to the instructions of the FSA," he said.
The cryptocurrency exchange said hackers overseas were operating the company's intranet after infecting it with malware through an email to steal the "private key" -- a password necessary to transfer virtual currencies.
Wada also admitted there were problems in management. "I was trying to increase the number of our workers and enhance our internal management system but was unable to hire new personnel."
Wada refrained from saying whether he will step down as CEO to take responsibility over the incident but did not rule out resigning.
For preventive measures, the exchange said it now has a person who oversees its system security and has launched a system risk committee to enhance the management of information security. Coincheck also pledged to boost its internal auditing system.
The FSA also ordered two virtual currency exchange operators -- Bit Station and FSHO -- to suspend business for a month through April 7 and enhance protection of customer information or assets.
An executive who is a major shareholder in Bit Station misappropriated bitcoins held by its customers, according to the FSA.
The seven operators were required to report back on how to improve their business operations by March 22. The other operators are Bicrements Inc., GMO Coin Inc., Tech Bureau Corp. and Mr. Exchange Inc.
Since the cybertheft in January, the FSA has been stepping up monitoring of virtual currency exchanges through on-site inspections and checking whether they have steps in place for their customer protection and anti-money laundering.
The latest heist from Coincheck came amid the growing popularity of virtual currencies and sparked debate about whether and how to regulate them.
Japan requires all virtual currency exchange operators to register with the government.
Yusuke Otsuka, a Coincheck executive, stressed that the company plans to continue business, and vowed to do its best to have its application for government registration approved. Coincheck's registration with the FSA is currently pending approval.
Since the virtual currency theft, Coincheck had suspended most of its cryptocurrency trading and withdrawals, leaving users unable to sell the coins to limit their losses even in the face of a price drop.
But Wada said based on contracts with the holders, the firm is not accountable for any losses incurred due to a fall in prices.
According to data showing Coincheck's business scale, revealed for the first time, the number of accounts of their holders was worth around 1.7 million yen as of Thursday. Trading volume amounted to around 3.85 trillion yen in December.
Coincheck refused to disclose information about its financial strength.