Coincheck加密货币被盗：你需要知道的一切

黑客从东京的加密货币交易所Coincheck偷走了大约580亿日元（5.3260亿美元），引发了对于数字资产这个新兴市场的安全和监管保护的质疑。

这是史上规模最大的加密货币被盗事件之一，以下是事件相关的一些问题和答案：

NEM是什么？

NEM是2015年3月推出的一种加密货币，开发者团队共有五人，自称为Pat、Makoto、Gimre、Bloody Rookie和Jaguar。这个缩略词的全称是新经济运动（New Economy Movement）。像其他加密货币一样，这种货币自称是不受政府和中央银行控制的数字货币，可以用于迅速的全球交易。

如今，NEM是全球第十大加密货币，总价值为90亿美元，每个NEM币的交易价稍低于1美元。

推出NEM是为了缓解财产高度集中的问题，加密货币社区中的一些人认为，它是比特币的重大弱点。这种全球最著名的加密货币的早期尝试者都成为了亿万富翁。

要挖掘比特币，就需要让计算机竞速寻找运算问题的解。NEM的开发者认为，这种机制会让富人变得更加富有，因为有钱人可以购置更多硬件来运算这类问题。

NEM则会奖励参与这个经济系统的账户。这个平台会综合考虑账户的余额，使用账户交易的用户，与其他人的交易量，根据结算的交易来计算账户的重要性。

Coincheck是如何被黑客攻击的？

目前还有很多细节尚不明朗。

Coincheck的首席运营官大塚雄介（Yusuke Otsuka）周五表示，当地时间凌晨3点左右， Coincheck的一个NEM地址发送了大约5.23亿NEM币。8个多小时之后，Coincheck发现账户余额出现了异常减少。

Coincheck表示，NEM币被储存在“热钱包”而不是“冷钱包”中。公司总裁Koichiro Wada称这样做是因为技术上存在困难，人手也不足。

什么是热钱包？

热钱包是联网的，因此容易遭到黑客攻击。专家警告称，在热钱包中保存大量财产，相当于随身携带大量现金。

冷钱包，例如Trezor和Ledger Nano S，体积类似于USB闪存盘大小，可以把财产离线保存。一些人会把它们放在安全的地方。

日本如何监管加密货币交易所？

去年4月，日本政府接受了比特币作为一种支付的合法途径，并要求交易所的经营者在金融监管方登记。

这项要求是在当时全球最大的比特币交易所——东京的Mt. Gox在2014年遭遇黑客攻击之后出台的，目的是为了保护消费者，打击加密货币非法使用的情况。这也是首相安倍晋三通过金融技术领域刺激增长的举措之一。

金融厅要求希望成立的交易所配备完备的计算机系统，设置隔离的现金和加密货币账户，核实交易者身份，拥有风险管理系统。

截至1月17日，金融厅已经批准了16家日本加密货币交易所的注册。另有16家左右的交易所在监管方案出台之前就已开始经营，其中就包括Coincheck。监管方允许这些交易所暂时继续经营，并着手评估他们的操作流程。

被盗走的NEM币还能被追踪到吗？

支持NEM区块链技术的机构NEM.io Foundation位于新加坡，该机构表示，目前已经掌握了Coincheck被黑的NEM币下落，他们正在区块链共享总帐上追踪这笔钱。

这家机构在媒体平台Medium的声明中表示，黑客目前还没有转移任何资金，并补充称他们会在两日之内开发出系统化的标记系统来最终这批货币，锁定任何收到它们的账户。

目前尚不清楚他们要如何确认货币持有者的身份。

投资者应当如何避免被黑客攻击？

比特币的推广者建议避免集中式的交易所，他们认为，关键点就是不要把去中心化货币的控制权移交给中央银行、商业银行和交易所等第三方机构，这会增加管理不善、诈骗或被黑的风险。

专家表示，只有在即将完成的交易中所需的钱才应当保存在热钱包中。即使那时，也可以通过去中心化的交易所如Shapeshift、Changelly或Waves Dex，从货币持有者的钱包中直接取出来兑换货币，而没必要从以交易所名义控制的钱包中取钱。

只有在货币持有者试图把加密货币兑换成法定货币时，才存在被骗或被黑的风险，不过也可以把这些风险减少到最低。交易可以以P2P的方式，在安全、公开的场所，与当地加密货币社区高信誉的会员，通过localbitcoins.com等网站或集中的交易所进行。如此一来，仅有网上执行交易的那一小段时间有可能被黑客攻击。（财富中文网）

译者：严匡正 

Hackers have stolen roughly 58 billion yen ($532.60 million) from Tokyo-based cryptocurrency exchange Coincheck, raising questions about security and regulatory protection in the emerging market of digital assets.

The following are some questions and answers about one of the largest heists of cryptocurrencies in the history:

What Is NEM?

NEM is a cryptocurrency launched in March 2015 by a team of five developers identifying themselves as Pat, Makoto, Gimre, BloodyRookie and Jaguar. Its acronym stands for New Economy Movement and, like other cryptocurrencies, markets itself as a digital coin outside the control of governments and central banks, which can be used for fast, global transactions.

It is now the tenth largest cryptocurrency, with $9 billion worth of NEMs in circulation, trading at just below $1 per coin.

NEM was launched to rectify the high concentration of wealth that some in the cryptocurrency community believe to be one of the key weaknesses of bitcoin, the world’s most widely known cryptocurrency, whose early adopters have turned into multi-billionaires.

For bitcoin transactions to clear, computers compete to find the solution to a computational problem, which NEM developers say makes the rich richer as those who have money can afford more hardware to solve such problems.

NEM rewards accounts that participate in the economy. The balance of an account, who transacts with that account, and how much it transacts with others are all combined to calculate an account’s importance, based on which transactions are cleared.

How Was Coincheck Hacked?

Many details are still unclear.

Yusuke Otsuka, Coincheck’s chief operating officer, said on Friday that around 523 million NEM coins were sent from a NEM address at Coincheck at around 3 a.m. local time. Over eight hours later, Coincheck noticed an abnormal decrease in the balance.

Coincheck said the NEM coins were stored in a “hot wallet” instead of a “cold wallet.” Company President Koichiro Wada cited technical difficulties and a shortage of staff.

What Is a Hot Wallet？

Hot wallets are connected to the internet, therefore vulnerable to hacking. Experts warn that holding large sums in hot wallets is the equivalent of carrying large amounts of cash in person.

Cold wallets, such as Trezor and Ledger Nano S, are devices which can be as small as a USB stick and can be stored offline. Some keep them in a safe.

How Are Crypto Exchanges Regulated in Japan?

Japan’s government in April recognized bitcoin as a legally accepted means of payment, and required exchange operators to register with the financial regulator.

The move — which came in the wake of the 2014 collapse of Tokyo-based Mt. Gox, then the world’s largest bitcoin exchange — was designed to protect consumers and clamp down on illegal use of cryptocurrencies. It also formed part of Prime Minister Shinzo Abe’s push to stimulate growth via the fintech sector.

The Financial Services Authority’s requirements for would-be exchanges include robust computer systems and segregation of cash and cryptocurrency accounts, checks on traders’ identities and risk management systems.

As of Jan. 17, the FSA had approved the registration of 16 Japanese cryptocurrency exchanges. A further 16 or so exchanges that were operating before the regulation was introduced — including Coincheck — have been allowed to continue operating on a provisional basis as their applications are assessed.

Can Stolen NEMs Be Tracked?

The NEM.io Foundation, a Singapore-based organization supporting NEM blockchain technology, says it has a full account of the whereabouts of Coincheck’s hacked NEM, tracing the currency on the blockchain shared ledger.

The hacker has not moved any of the funds, the foundation said in a statement posted to the Medium publishing site, adding it would create an automated tagging system within two days to follow the coins and identify any account which receives them.

It is unclear how the holders would be identified.

How Can Investors Avoid Being Hacked ？

Bitcoin evangelists recommend steering clear of centralized exchanges, arguing that the whole point of decentralized currencies was to not hand over control to third parties, such as central banks, commercial banks and exchanges, which raises the risk of mismanagement, scams or hacking.

Experts say only money needed for upcoming transactions should be kept in hot wallets. Even then, trading one cryptocurrency for another can be done over decentralized exchanges, such as Shapeshift, Changelly or Waves Dex, directly from the holder’s wallet and not from a wallet controlled by an exchange in their name.

Risks of fraud or hacking then only occur when a holder wants to exchange crypto assets for fiat currencies, but these can be minimized. Transactions can be done peer-to-peer in a safe, public place amongst members of the local crypto community rated by reputation on websites such as localbitcoins.com or via a centralized exchange, with the risk of hacking limited to the amount of time spent online to perform the transaction.