When most people hear the name Coincheck, they think of one thing: the largest cryptocurrency heist in history. The Japanese exchange lost roughly $534 million worth of NEM tokens in a single night in January 2018, shaking the entire crypto industry to its core. But the story did not end there — and neither did Coincheck.

What Is Coincheck?

Coincheck is a Tokyo-based cryptocurrency exchange founded in 2012 by Koichiro Wada and Yusuke Otsuka. It quickly grew into one of the most popular trading platforms in Japan, attracting millions of users thanks to its simple interface, broad altcoin selection, and aggressive marketing — including a high-profile sponsorship deal with a Tokyo professional baseball team.

At its peak, the platform served a huge slice of Japan's retail crypto market. Users could buy and sell a wide variety of tokens, from household names like Bitcoin and Ethereum to smaller, more speculative altcoins. That reach made the exchange attractive to newcomers, but it also made it a tempting target.

Unlike some compe*****s, Coincheck operated for years without a license under Japan's Payment Services Act. It only registered with the country's Financial Services Agency (FSA) in September 2017, giving regulators little time to scrutinize its security practices before disaster struck.

The 2018 Hack: Crypto's Biggest Heist

On the night of January 26, 2018, a hacker exploited a vulnerability in Coincheck's hot wallet — the online storage system used to process withdrawals. The attacker drained roughly 523 million NEM tokens, worth around $534 million at the time. By the time Coincheck detected the massive outflow the next morning, the funds were already gone.

The breach sent shockwaves across the global crypto market. NEM's price cratered, Bitcoin dipped on the news, and Japanese regulators scrambled to respond. Coincheck halted all NEM withdrawals, froze trading on most tokens, and eventually suspended nearly all activity on the platform.

Why It Happened

Investigations later revealed a series of glaring security failures. The exchange had stored customer assets in hot wallets connected to the internet, had no multi-signature protection on key accounts, and had not implemented basic withdrawal limits. The setup was, in the words of one cybersecurity analyst, "a textbook example of what not to do."

"The Coincheck hack exposed what regulators and security experts had been warning about for years — that rapid growth without proper safeguards is a recipe for disaster."

Aftermath, Rescue, and Regulation

Within days, the FSA slapped Coincheck with business improvement orders, demanding stricter internal controls, asset segregation, and customer fund protection. The exchange publicly promised to reimburse affected users — and remarkably, it followed through. Roughly 260,000 affected NEM holders were refunded out of company capital, a move that cost Coincheck an estimated $440 million.

Months later, in April 2018, Japanese fintech firm Monex Group acquired a majority stake in Coincheck for a reported $3.6 million — a striking valuation given the company's recent losses. Under Monex's ownership, the exchange overhauled its security infrastructure, registered properly with the FSA, and obtained a full operating license in January 2019.

The hack also triggered a broader regulatory crackdown across Japan. The FSA tightened oversight of all registered exchanges, demanding proof of cold wallet storage, segregation of customer funds, and stricter KYC procedures. Several smaller exchanges were forced to shut down rather than comply.

The NEM Trail

The stolen tokens were traced as they moved through multiple wallets and ended up partly laundered through darknet markets and converted into other cryptocurrencies. While a small number of individuals were arrested in connection with the laundering, the full amount has never been recovered — making it one of the rare cases where the attacker walked away with most of the loot.

Where Coincheck Stands Today

Against the odds, Coincheck survived. It is now one of Japan's largest FSA-licensed exchanges, handling billions in trading volume each quarter. The platform has rebuilt much of its user base and continues to offer trading in major cryptocurrencies including Bitcoin, Ethereum, and a curated list of altcoins.

It has also expanded into new lines of business. Through its parent company Monex, Coincheck has explored NFT marketplaces, staking services, and blockchain-based loyalty programs — moves aimed at diversifying beyond simple trading.

Still, the 2018 hack remains a defining chapter. For many in the industry, Coincheck is a case study in how security-first thinking must come before growth — and a reminder that even a near-fatal blow does not always end the company.

Key Takeaways

  • Coincheck is a major Japanese crypto exchange, founded in 2012 and now owned by Monex Group.
  • In January 2018, it lost roughly $534 million in NEM tokens to hackers — the largest crypto exchange theft in history.
  • The breach was caused by poor security practices, including hot wallet storage and no multi-signature protection.
  • Coincheck reimbursed all affected users out of pocket and has since obtained a full FSA license.
  • The hack reshaped Japan's crypto regulation and remains a cautionary tale for exchanges worldwide.