Share this article
Coincheck Customers Fall Victim to Data Breach After Domain Account Error
Coincheck's .com domain had been "in a state where it could be acquired." No funds have been lost, the firm said.
By Paddy Baker
Updated Dec 10, 2022, 7:59 p.m. Published Jun 3, 2020, 1:09 p.m.
Coincheck has fallen victim to a data breach after attackers accessed one of its domain name accounts and used it to impersonate the cryptocurrency exchange.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
The Japanese firm – which fell victim to possibly the largest crypto hack in history in 2018 – said Tuesday that an unknown third party gained access to an account it held with domain registration service Onamae.com. An incident noticehttps://corporate.coincheck.com/2020/06/02/97.html suggested the attackers then used its .jp domain account to send "fraudulent" emails to customers.
"A third party who made unauthorized access (hereinafter, a third party) fraudulently sent some emails from our customers during the period from May 31 to June 1, 2020," reads the report. "It turned out that [the domain name] was in a state where it could be acquired."
Around 200 customers who sent replies to emails from the attackers are said to have data exposed. Coincheck said personal identifying information such as names, addresses and ID photos may have been illegally obtained. It's possible that hackers were phishing for "know your customer" verification details so they could access client accounts, but the motive remains unclear.
See also: BlockFi Says Hacker SIM-Swapped Employee’s Phone, No Funds Were Lost
How the third parties were allowed to gain access to Coincheck's domain account is currently being investigated by the registration firm, Coincheck said.
Although the exchange said funds had not been lost in the attack, it has suspended crypto remittances until Onamae's investigation is complete. All other services, including fiat deposits and withdrawals as well as cryptocurrency trading, remain operational at this time.
For customers seeking support, the firm is requesting that emails are sent to an address at coincheck.jp, not coincheck.com for the time being.
CoinDesk approached Coincheck for more precise details on the breach, but hadn't received a response by press time.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Ether Digital Asset Treasury Companies Outpace Peers as Crypto Tailwinds Build: B. Riley
The bank said ETH-focused DATCOs have outperformed since Nov. 20 as risk appetite improved, mNAVs ticked up and staking-led strategies gained traction.
What to know:
- Crypto markets are up ~10% since Nov. 20, with B. Riley citing ECB-driven dollar-diversification talk and expected rate cuts as boosts to risk sentiment.
- ETH treasury companies led DATCOs, rising ~28% on average versus ~20% for BTC treasuries and ~12% for SOL treasuries.
- B. Riley said BitMine and SharpLink offer the clearest staking/restaking exposure among its coverage, and pointed to FG Nexus, Sequans and Kindly MD as discounted value plays relative to mNAV.
Top Stories
