Coincheck is a centralized cryptocurrency exchange founded on August 28, 2012, but started operating as an exchange business in November 2014. It is headquartered in Japan (address at the time of this writing: E-Space Tower 12F, 3-6 Maruyamacho, Shibuya-ku, Tokyo 150-0044) and is operated by the Coincheck Inc. (registration of virtual currency exchange business: Director of Kanto Local Finance Bureau No.00014). Coincheck is a member of multiple Japanese associations, such as the Japan Virtual Currency Exchange Association, Japan Blockchain Association, Japan Virtual Currency Business Association, FinTech Association, and Japan Network Security Association. The CEO of the company is Toshihiko Katsuya, a professional with rich management experience in financial companies like Mitsubishi Bank and Monex Group, and an MBA from the University of California, Berkeley. The team behind the exchange is also comprised of professionals with a solid background in companies like Solomon Brothers Asia, Goldman Sachs, Tokyo Stock Exchange, and others.
The Coincheck exchange, unlike the majority of cryptocurrency trading businesses, relies on transparency and tries its best to explain to its existing and potential clients as much as possible about the company, its background, and future plans. It has a very detailed page with information about the company’s history, address, and internal and external team. The LinkedIn page also is a very detailed one and, at the time of this writing, lists more than 50 team members’ profiles.
Regarding cryptocurrency trading features, Coincheck does not differ from the majority of other exchanges. However, it offers some additional features such as a branded Visa debit card and a lending service that allows clients to earn interest on their cryptocurrencies. It does also offer something very curious – an electricity provision service where clients can choose an electricity company, become its client and pay for their bills in Bitcoins with a small discount. Coincheck supports individual and corporate accounts.
On its homepage, the exchange emphasizes the importance of ensuring its clients’ security. It states that it employs two-factor authentication and keeps users’ funds in segregated accounts in entirely encrypted cold wallets. Coincheck also adds that it had “confirmed the security and efficiency” of its systems with “multiple information security firms from around the world.” All this, in addition to the fact that the business is located in Japan, the first country in the world to introduce national regulations for cryptocurrency exchange businesses, should instill confidence in the platform’s security.
However, in reality, the case with Coincheck is quite different. The exchange suffered one of the biggest hacker attacks in the history of cryptocurrency exchanges. On January 26, 2018, the platform became a victim to cybercriminals who breached its security and stole NEM coins worth more than $530 million in client funds. Coincheck immediately suspended trading and restricted new users from signing up for the exchange’s services. It also promised to return the stolen funds to their owners.
Later on, it became clear that the security breach was a disaster waiting to happen after it turned out that the stolen funds were stored in an online hot wallet. Besides, Coincheck wasn’t using a multi-signature security system. At first, it was believed that the hacker attack was carried out by North Korean cybercriminals. Other reports suggested that some of Coincheck’s employees’ computers were infected with viruses that allowed for some Russian hackers to control them remotely.
Due to Japan’s cryptocurrency regulation framework being in its early stages and not fully-developed, the exchanges, operating there, combined their efforts and formed a self-regulatory body - the Japan Virtual Currency Exchange Association. Following the hack, the organization started an investigation against Coincheck and demanded it to increase its security levels considerably. The exchange has received similar admonitions from Japan’s Financial Services Agency (FSA) as well.
The development of the exchange can be divided into two periods – before and after the attack. The first period is associated with high profits and lots of clients. However, after the hacker attack took place, the exchange started to struggle to get back on its feet and had been losing money. At the time of this writing, Coincheck is still far from where it had been before the thefts.
When it comes to KYC procedures, it is worth noting that users who want to trade on leverage (up to 1:5) are required to verify their identity with a government ID, a selfie, and an SMS verification. Traders who don’t expect to trade more than $500 per month, don’t have to verify the cyber attack.
Regarding customer support, although Coincheck mentions that it supports multiple communication channels, in reality, there are lots of opinions of users, being frustrated with the slow or even non-existent support, at times. Aside from that, users report that transaction confirmations often experience weekend delays.