Some of the NEM coins stolen from Coincheck in the Jan. 26 have been found in cryptocurrency exchanges in both Vancouver and Japan.
Researchers at the BIG Blockchain Intelligence Group Inc. have traced some of the $534 mln in NEM (XEM) stolen in the Jan. 26 Coincheck hack to a Vancouver-based crypto exchange, according to their March 1 press release.
The Japan Communist Party Central Committee’s newspaper also reported today, March 2, that 24 mln NEM coins from the hack are currently in Japanese NEM exchange Zaif.
The Japanese newspaper reported that since Tech Bureau, the operator of Zaif, is registered with the Financial Services Agency, it is obliged to confirm a customer’s identity, which can “help to clarify the identity of the criminal.” The article added that Tech Bureau had not responded to a request for comment by press time.
The stolen NEM are able to be traced thanks to the NEM development team’s new tagging system that alerts crypto exchange when an account has been tagged for containing stolen funds, with the following messages attached onto the 11 wallet addresses of the hackers:
“coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker.”
This automatic tagging system means that cryptocurrency exchanges are able to easily identify the addresses the hackers and forbid them from converting the NEM into other cryptocurrencies or fiat.
A Cointelegraph article covering the tagging system wrote that due to the “sheer size” of the stolen NEM, it is “not likely that the hackers will go through small-scale cryptocurrency exchanges to convert or launder the stolen funds [...] At this stage, the only safe option for the hackers is to hold onto the stolen NEM.”
However, according to BIG, the hackers were attempting to move the stolen NEM through the Vancouver-based exchange and then possibly sending them back to Japan. Bloomberg writes that Shone Anstey, the president and co-founder of BIG, declined to name the exchange, the amount of NEM involved in the transaction, and its alleged destination in Japan.
6 of the 11 wallet addresses used in the hack have been moving small amount of NEM since January, in values from 1 to over 10,000 coins.
One of these addresses contained a message in Japanese in its latest March 1 transfer of around 7 NEM coins:
“This purchase is to determine the bitcoin address of the criminal, insist that the purpose is not for self profit.”
Anstey told Bloomberg that it was the size of the NEM transactions at the Canadian exchange that alerted BIG’s Forensic and Investigations Division:
“We felt it was a significant amount that warranted looking into. They are trying to move it before the door is closed, but there is a lot to move.”
BIG, described on its website as a “developer of Blockchain technology search and data analytics solutions,” wrote that it will compile all data of its findings to send to law enforcement in both Canada and the US.