A Japanese cryptocurrency exchange that fell victim to a hack in which 58bn yen (£380m) of digital coins was stolen said customers will be refunded.
Coincheck said on Sunday that it would refund about 90 percent of the stolen NEM coins with internal funds.
Despite the announcement, Japan’s Financial Services Agency on Monday demanded assurances from the Tokyo-based company that operations would be tightened to reduce the risk of future security breaches.
Coincheck revealed the theft of NEM – a popular cryptocurrency – last week. The coins were stored in a “hot wallet”, which is connected to the internet, rather than a “cold wallet”, which is more secure because it is stored offline.
The FSA gave Coincheck two weeks to submit a report about the incident and outline new security measures. The regulator may also carry out on-site inspections if it deems them necessary.
Japanese cryptocurrency exchanges, unlike those in many other countries, must register with the financial regulator.
The latest hack to hit a major cryptocurrency exchange highlights the vulnerabilities of the developing technology. Regulators around the world have warned about the dangers of investing money in digital currencies, citing concerns about security and extreme volatility.
A $500m hack of Japan’s Mt Gox exchange in 2014 forced it into bankruptcy and caused the price of bitcoin to crash. It did not recover to its high before the heist for more than three years.
Although the Coincheck hack was larger, the site is not in the dominant position that Mt Gox was in 2014.
Mt Gox at one stage handled more than three-quarters of all bitcoin trades globally and the amount of money stolen represented a significantly larger proportion of the total amount of cryptocurrency in circulation at the time.
Several hacks have taken place in recent months as the value of digital coins has taken off.
The NEM foundation, which developed the technology behind the coin which has been stolen said it had the ability to trace all of the missing money. The Singapore-based group said hackers had not transferred the funds to an exchange or personal accounts.