Whether your funds are secure at Tokyo-based Coincheck is the question of the year. A security breach cost Coincheck $530 million in NEM’s XEM tokens stolen in an illegal transfer, and it seriously damaged the exchange’s reputation in the process. The NEM Foundation eventually stopped trying to recover the lost NEM funds, which according to reports were already laundered.
In an eerie coincidence, only a few years prior the now defunct Mt. Gox, which was similarly domiciled in Japan, suffered a hack in which 850,000 in bitcoin worth hundreds of millions of dollars was stolen, leading the exchange to file for bankruptcy. Coincheck remains solvent but the extent of the financial damage has yet to be determined.
The stolen NEM funds were stored in a web-based hot wallet, which are more vulnerable compared to the more secure cold wallets, the latter of which can be stored offline. Japan’s FSA has been closely monitoring the business operations of Coincheck since the hack.
Coincheck is reaching into its own coffers to repay the 260,000 NEM investors whose accounts were affected by the heist. The exchange is paying them back in JPY. Japan’s Financial Services Agency (FSA) infiltrated the exchange to examine their books to make sure the balance sheet was strong enough to repay investors who lost funds in the NEM hack.
Following the incident, the exchange had stopped all yen and cryptocurrency withdrawals but has since begun lifting the ban altcoin by altcoin.
But all new account registrations are suspended, as of March 2018, and the exchange is doing everything they can to return to normal. For instance, they appear to be gradually allowing the withdrawal of various altcoins once again, such as Lisk and Factom. But it may be a new normal for Coincheck from now on. As of March 2018, Coincheck also promoting a zero-fee trading campaign.
Prior to the hack, Coincheck was 2017’s top bitcoin exchange in Japan based on spot trading volume, according to jpbitcoin.com data cited on Coincheck. Meanwhile, they’re second in Japan based on separate research done by app ape in the three-month period leading up to October 2017 based on a sample size of 50,000 users, according to similarweb.com. As of March 2018, visits to the website have been on the decline since January 2018, when the hack occurred.
The minimum purchase price on the Coincheck trading platform is 0.001 bitcoin, which is approximately 831 yen at the time of publication.
Coincheck was launched in 2014. The company is led by Koichiro Wada, who is at the helm as CEO, and Yusuke Otsuka. In addition to the trading platform, Coincheck has lending and payments businesses. Here’s a link to the press conference with beleaguered Coincheck executives following the hack –
· They took responsibility for the massive security breach and are still operating, which forum posters said was “respectable.” While the damage to their balance sheet remains unclear, at least they are reimbursing NEM investors the USD 530 million that was stolen.
· In addition to BTC, they support multiple altcoins, including: ETH, LSK, XMR, XRP, ZEC, REP and FCT.
· Spot trading
· Zero trading fees during a promotional campaign that’s still running as of Q1 2018
· Choose to begin trading by creating an account either with Facebook or your email address.
· Trade bitcoin around the clock
· Tradeview trading platform
· Supports simplified Chinese
· Mobile app and API
· Coincheck has a payments platform, which is a good revenue diversifier.
· The exchange suffered the worst hack of any cryptocurrency exchange in history, with losses of USD 530 million NEM surpassing the bitcoin losses that Mt. Gox suffered.
· “English-language support is slow to respond,” – forum poster.
· Users complained of high fees prior to the zero-trading fee promotion.
· Mobile app users complain about the language selection on the interface, some saying it automatically goes to Japanese and others complaining that it does not.
Coincheck is not a licensed exchange, but it was still permitted to operate both prior to and after the hack.
Coincheck took most of the usual security precautions that you would expect from a bitcoin exchange, and last year even bolstered its know-your-customer procedures for Japanese residents. That’s what makes the massive hack that hit the exchange so worrying. But their use of the hot wallet instead of a cold wallet was a major indiscretion, and they were warned by both the NEM Foundation and regulators to ramp up security before the breach.
Coincheck doesn’t comingle trader deposits and company funds, which may be what saved them from becoming insolvent following the security breach. They support two-factor authentication via SMS and Google Authenticator on iOS or Android, according to the website.
Coincheck warns users not to use the same password on multiple sites, though says that 2FA will protect a user’s account in the event of a hack even if the password is compromised. Based the NEM, hack, however, 2FA wasn’t enough
They also boast Secure Socket Layer client certificates for encrypted security. Coincheck says passwords are hashed, saying “We adopt bcrypt(Blowfish); a hash function is suitable way of authentication.”
The steps for identity verification include the following –
· SMS authentication
· Document verification, such as passport, residence card, driver’s license, etc.
Corporate registrations require a similar process, but users must also provide a selfie of an executive with their ID in hand.
Coincheck is in the midst of a zero-fee for trading campaign and doesn’t publish what the fee schedule was like prior to the launch of the promotion. Before the promotion, in December 2017, one Reddit poster complained of “high fees they charge to buy and sell alt coins (4%).”
Based on the company’s website, however, there is normally a “maker” fee and a “taker” fee. They say: “Maker fees are paid when you add liquidity to our order book by placing a limit order under the ticker price for a buy and above the ticker price for a sell.”
Deposit and withdrawal fees are structured as follows –
· Bank transfers in JPY are free
· Bank transfers in USD cost USD 25
· Bank transfers from abroad JPY 2,500 (= GBP 16.7 based on the exchange rate in March 2018)
· JPY withdrawals = JPY 400
· USD withdrawals = JPY 2,500
· Interest rate for BTC borrowing = 0.05% per day. The exchange says: “Interest rate are to pay together when the borrowing period expires.”
· Zero fee for virtual currency deposits
· To access the “fast deposit” features, there’s a fee of 0.002 BTC.
Here’s a look at the exchange’s virtual currency transfer fees straight from the Coincheck website –
Coincheck also has Convenience Store Payments and Quick Payments as follows –
Here’s a look at swap fees –
To see the margin fees, you need to log into your account. Since they’re not taking new members, I wasn’t able to do that.
More than 96% of visitors to Coincheck’s website are based in Japan, with only a fraction of visitors coming from the United States, China and Canada, according to similarweb.com.
Make purchases with fiat money or credit card.
As of March 2018, new registrations on the Coincheck platform are suspended on the heels of the security breach. But once they resume taking new members, here’s a look at the sign-up process.
To sign up, start off on the home page. Coincheck will respond with a confirmation email, which contains a URL that you should click on. The next step is SMS authentication, which is required to deposit JPY. Add your phone number, press send and Coincheck will send you a message.
Once you’re in, you can deposit fiat currency to a registered bank account with the exchange. Deposits are credited, and then you can purchase BTC, etc. The amount you want to buy is also displayed in JPY.
You also have the option to invest via credit card around the clock. Before you can buy BTC, you must verify your identity, which involves submitting relevant documents.
Once the process is complete, select Pay with credit card. The exchange says: “Chooseamount from ¥5,000, ¥10,000, ¥50,000, ¥100,000 or type preferred amount. Click "購入する" after selecting your amount.”
Here’s a look at the Coincheck Tradeview platform –
Coincheck supports both public and private APIs. The public API is for browsing order status and order book, while the private one is for creating and cancelling orders
Coincheck also has a mobile app both for Android and iOS. Android users gave the app 3.7 stars out of a possible 5. The following review gives you an idea of what to expect from the Coincheck mobile app –
“The interface is relatively clean, however there are no functionalities to allow the user to know if they [are] making or losing money on any position, unlike Metatrader, for example. It acts well as a starting tool for playing with coins but lacks the functions needed for real trading.” - -Android user review
The Coincheck app does much better for iOS, with 4.5 stars out of a possible 5 star rating across nearly 200 users. One trader quickly came to the defense of the exchange despite the hack, while another who gave the exchange 5 stars simply asked if they would add EOS coin. The reviews wouldn’t be complete with a complaint, and one iOS user was not happy about a “90-minute signup process.”
Coincheck users were the most vocal on Facebook, where they expressed their discontent about not being able to make withdrawals on some coins but still being able to deposit and trade.
Users should avoid attempting to make withdrawals with a credit card that doesn’t bear their name. One forum poster complained that a withdrawal was denied and was quick to blame Coincheck but it turns out the transaction wasn’t up to snuff on know-your-customer standards
(mobile reviews) From before the hack, user complaints were typical for what you might see on a bitcoin trading platform – high fees, lengthy ETH transfers, etc. Users also complained about the mobile interface saying that while it was “nice” there wasn’t enough functionality to manage trades. Traders appeared to agree that it is a clean interface but that it needs more features for trading.
There are some worried reviewers who couldn’t seem to find a way to reach support, but Coincheck responded to some of these on the Google Play site, pointing customers to an online form.
Another common issue is the language preference. For instance, one user complained that the content was showing in Japanese instead of English. Users are also not happy with customer service, which in the exchange’s defense could be because they’ve been inundated since the security breach. But in some cases, investors are receiving no response at all, which only exacerbates an already tricky situation.
There are a couple of ways you can look at Coincheck. The worst is behind them or invest at your own risk. Other exchanges have recovered from hacks, including Bitfinex, for instance, which similarly repaid its users the USD 69 million that was stolen in 2016. Coincheck’s hack was more severe, but they are slowly returning operations back to normal.
The hack occurred despite the fact that Japan’s FSA was already working with the exchange toward licensing and after Japanese lawmakers introduced fund settlement laws in 2017. But regulators weren’t quick to issue Coincheck a license because they noticed some security flaws.
You can’t beat the zero trading fees for now, and regulators are more involved than ever with Coincheck’s operations, which bodes well for exchange security. But users continue to complain about not being able to withdraw funds even though the exchange claims that withdrawals of altcoins are coming back.
If you are in Japan, it might make sense to use Coincheck or you could consider other local exchanges such as BitFlyer. But otherwise there are so many other options and exchanges to choose from that it might be best to let the dust settle for a while.