Coincheck made global headlines in early 2018 when hackers drained roughly $530 million worth of NEM tokens from its hot wallets, instantly making it one of the largest exchange heists in crypto history. Nearly a decade later, the Japanese platform is still standing — now owned by Monex Group and operating under the watchful eye of Japan's Financial Services Agency. The story is a wild mix of catastrophe, accountability, and one of the industry's most dramatic comeback arcs.
What Is Coincheck?
Coincheck is a Tokyo-based cryptocurrency exchange that launched in 2014 and quickly rose to become one of Japan's busiest retail trading platforms. At its peak, the exchange was serving hundreds of thousands of users who flocked to it for its easy onboarding, yen on-ramps, and broad altcoin selection — at a time when many Western exchanges were far more restrictive.
Unlike offshore compe*****s, Coincheck operated under Japan's regulatory framework, which has long been considered among the strictest in the world. That regulatory pedigree made the 2018 breach even more shocking: it wasn't a shady, anonymous platform that got hit — it was a licensed, registered Japanese exchange handling mainstream retail money.
Today, Coincheck continues to serve the Japanese market with spot trading, staking products, and an NFT marketplace, though its global footprint remains limited compared to giants like Binance or Coinbase.
The 2018 Hack: What Actually Happened
On January 26, 2018, Coincheck detected an unauthorized outflow from one of its hot wallets. By the time the team froze activity, attackers had siphoned around 523 million NEM (XEM) tokens — at the time worth approximately $530 million — making it bigger in dollar terms than the infamous Mt. Gox collapse of 2014.
The root cause was painfully simple: the stolen funds had been stored in a hot wallet connected to the internet, protected by a relatively weak implementation rather than the cold-storage or multi-signature setups considered industry best practice. Investigators later traced a portion of the stolen tokens through conversion efforts on darknet markets and other exchanges, though the attackers were never publicly identified.
In response, Japan's FSA issued administrative penalties, and Coincheck pledged to fully reimburse affected users — a promise it eventually kept, distributing over $440 million in compensation using the exchange's own capital.
- Date of breach: January 26, 2018
- Asset stolen: ~523 million NEM (XEM) tokens
- Cause: inadequate hot wallet security
- Outcome: full customer reimbursement by Coincheck
Recovery Under Monex Group
Just weeks after the hack, online brokerage giant Monex Group acquired Coincheck for roughly $33 million — a fraction of what the platform had been worth pre-breach. The buyout gave Coincheck the capital, compliance infrastructure, and credibility it needed to rebuild from scratch.
Under Monex, the exchange overhauled its security architecture, moved the vast majority of customer assets into cold storage, and rebuilt its compliance team from the ground up. It eventually re-registered with the FSA and became one of the first exchanges in Japan to win approval to operate under the country's stricter payment services regime.
By 2022, Coincheck had even filed to go public on the Tokyo Stock Exchange via a SPAC merger, signaling that the company had transformed from scandal survivor to legitimate financial market participant. The listing was valued at over $1 billion at announcement, a remarkable turnaround given the company's history.
Is Coincheck Safe to Use Today?
Short answer: for Japanese users, yes — within the boundaries of what any centralized exchange can offer. Coincheck now operates under the same regulatory scrutiny as major Japanese banks, holds the bulk of customer funds offline, and has years of clean operation since 2018. Compared to its pre-hack self, it is an almost unrecognizably more secure platform.
That said, traders should still apply standard exchange hygiene:
- Don't store long-term holdings on any exchange. Use a hardware wallet for serious positions.
- Enable two-factor authentication on every account.
- Check withdrawal whitelists and email confirmations before sending funds.
- Be aware of geographic restrictions — Coincheck primarily serves Japanese residents and may not offer full services to international users.
For anyone curious about the Japanese crypto market, Coincheck also doubles as a useful case study in how regulation, accountability, and corporate backing can keep an exchange alive even after a near-fatal blow.
Key Takeaways
The Coincheck saga is less a story about hackers and more a story about resilience, regulation, and the cost of cutting security corners.
- Coincheck suffered a $530M NEM heist in January 2018, one of the largest exchange hacks in history.
- The exchange fully reimbursed affected users — a rare outcome in crypto disasters.
- Acquired by Monex Group shortly after, Coincheck rebuilt its security and compliance from the ground up.
- It later listed on the Tokyo Stock Exchange, marking a dramatic corporate turnaround.
- Today it remains one of Japan's most regulated and trusted retail exchanges — though good personal security habits still matter.
Zyra