Massive Japanese cryptocurrency hack won't be the last, Wall Street analyst says

Key Points
  • The more than $500 million in cryptocurrency stolen by hackers from Coincheck last week was unlikely to be the last such attack, said Nicholas Colas, co-founder of DataTrek Research.
  • Coincheck announced Friday that around 523 million of its NEM coins, worth some $534.8 million, had been fraudulently sent to another account.
Coincheck hack won't be the last: Pro
Coincheck hack won't be the last: Pro

The more than $500 million cryptocurrency heist at a major Japanese exchange last week is unlikely to be the last such hack, according to a Wall Street analyst.

"I think [the attack] does highlight the fact that the industry still has a long way to go in terms of basic issues of security," Nicholas Colas, co-founder of DataTrek Research, told CNBC's "Squawk Box" on Monday.

"This is certainly not the first, nor will it be the last, such hack attack on cryptocurrencies and, all things considered, I think they're taking it fairly well in terms of price," Colas added.

His comments came after Japanese exchange Coincheck announced Friday that around 523 million of its NEM coins had been directed to another account. Those coins were reportedly worth approximately 58 billion yen ($534.8 million) when the hack was detected.

The exchange later said in a blog post on Sunday that it would be making reparations to roughly 260,000 affected users, adding that it offered its apologies for the "immense distress" caused to customers following the hack. Around 46.3 billion yen ($425 million) will be returned in total, although Coincheck said the method and period of reparation had yet to be decided.

In this picture taken on early January 27, 2018, Coincheck president Koichiro Wada (L) bows in apology at the end a press conference in Tokyo. Japan's government said on January 29 it would impose administrative measures on virtual currency exchange Coincheck after hackers stole hundreds of millions of dollars in digital assets from the Tokyo-based firm.
AFP | Getty Images

Coincheck management said in a press conference last week that it held the NEM coins in a "hot" wallet, referring to a method of storage that is linked to the internet — a method that was "not industry standard," according to Colas.

"Keeping 100 percent of your crypto assets online is a bad idea for an institution, or frankly, for an individual who has a large amount invested in it as well," he said.

As for who the hackers could be, the analyst ventured that a group — rather than an individual — was more likely to be responsible.

"The typical hackers in cryptos have been organized groups [as opposed to] lone attackers. Because, obviously, once you get the coin, you've got to figure out how to atomize it and monetize it in some way and that's a bigger challenge than typically one person can do," Colas explained.

In the latest development in the saga, Japanese financial regulators on Monday indicated that they had plans to enforce "administrative punishment" against Coincheck following the massive hack, Reuters reported.

Local news agency Kyodo reported Monday afternoon that the Tokyo Metropolitan Police intended to carry out voluntary questioning of those associated with the exchange.

— CNBC's Evelyn Cheng contributed to this report.