Japan’s financial regulator said on Monday it would inspect all cryptocurrency exchanges and ordered Coincheck to get its act together after hackers stole $530 million worth of digital money from its exchange in one of the biggest cyber heists on record.
The theft highlights the vulnerabilities in trading an asset that global policymakers are struggling to regulate and the broader risks for Japan as it aims to leverage the fintech industry to stimulate economic growth.
The Financial Services Agency (FSA) on Monday ordered improvements to operations at Tokyo-based Coincheck, which on Friday suspended trading in all cryptocurrencies except bitcoin after hackers stole 58 billion yen ($534 million) of NEM coins, among the most popular digital currencies in the world.
Coincheck said on Sunday it would return about 90% with internal funds, though it has yet to figure out how or when.
The NEM coins were stored in a “hot wallet” instead of the more secure “cold wallet,” outside the internet, Coincheck said. It also does not use an extra layer of security known as a multi-signature system.
The FSA said it ordered Coincheck to submit an incident report and measures for preventing a recurrence by Feb. 13. If necessary, it will conduct on-site inspections of other exchanges, an official told a briefing.
The regulator said it has yet to confirm whether Coincheck had sufficient funds for the reimbursement.
For more on cryptocurrency, watch Fortune’s video:
Japan started to require cryptocurrency exchange operators to register with the government only in April 2017, allowing pre-existing operators such as Coincheck to continue offering services ahead of formal registration.
The FSA has registered 16 cryptocurrency exchanges so far, and another 16 or so are still awaiting clearance. Coincheck’s application was made in September.
“It’s been long said that cryptocurrencies are a solid system but cryptocurrency exchanges are not,” said Makoto Sakuma, research fellow at NLI Research Institute.
“This incident showed that the problem has not been solved at all. If Coincheck screws up its crisis management, that could deal a blow to the current cryptocurrency fever.”
NEM fell to $0.78 from $1.01 on Friday but recovered to $0.97 on Monday, according to CoinMarketCap. Crypto-currency related shares mostly rose in Tokyo, with GMO Internet, which offers cryptocurrency exchange service, gaining 5.7 pct.
Singapore-based NEM Foundation said it had a tracing system on the NEM blockchain and that it had “a full account” of all of Coincheck’s lost NEM coins. It added that the hacker had not moved any of the funds to any exchange or personal accounts but that it had no way to return the stolen funds to its owners.
In 2014, Tokyo-based Mt. Gox, which once handled 80% of the world’s bitcoin trades, filed for bankruptcy after losing around half a billion dollars worth of bitcoins. More recently, South Korean cryptocurrency exchange Youbit last month shut down and filed for bankruptcy after being hacked twice last year.
World leaders meeting in Davos last week issued fresh warnings about the dangers of cryptocurrencies, with U.S. Treasury Secretary Steven Mnuchin relating Washington’s concern about the money being used for illicit activity.
Many countries have clamped down on exchanges.
South Korea will ban cryptocurrency traders from using anonymous bank accounts to crack down on the criminal use of virtual coins. China has ordered some exchanges to close, with the aim of containing financial risks.
But Japan has taken a different tack, becoming last year the first country to introduce national-level regulation of cryptocurrency exchanges.
The move, intended to protect consumers and stymie money laundering, was praised by many traders and operators as progressive.