Coincheck was founded in August 2012 by Koichiro Wada and Yusuke Otsuka in Tokyo, growing rapidly to become Japan's dominant retail crypto exchange during the 2017 bull market. On January 26, 2018, Coincheck suffered what was then the largest cryptocurrency theft in history: 523 million NEM tokens (worth approximately $530M at the time) were stolen from a hot wallet. The hack was enabled by Coincheck's failure to use multi-signature wallets for the NEM holdings (a basic security practice), and the funds were traced on-chain but never recovered due to NEM's pseudonymous architecture.
Recovery, Acquisition, and Regulatory Compliance
What distinguishes Coincheck from most hacked exchanges is its recovery: rather than collapsing (as Mt. Gox did in 2014), Coincheck compensated all affected NEM holders using company funds at the market price at the time of the hack — a $425M reimbursement from corporate reserves. Coincheck was subsequently acquired by Monex Group (a publicly-listed Tokyo Stock Exchange-listed financial services company) in April 2018 for approximately $33.5M, providing institutional backing and compliance infrastructure. Under Monex ownership, Coincheck obtained a full FSA (Japan Financial Services Agency) license and rebuilt its security infrastructure — including multi-signature wallets, cold storage for all major assets, and enhanced internal controls.
Setting Up API Keys for a Trading Bot on Coincheck
Coincheck provides a REST API for trading. API keys require a verified account under Japan's FSA regulations.
Step 1: Complete KYC Verification
Log in at coincheck.com. Navigate to Account -> Identity Verification. Japan FSA regulations require full identity verification (government ID + address proof + face verification). This is mandatory — Coincheck's FSA licence requires KYC for all trading accounts.
Step 2: Enable Two-Factor Authentication
Go to Security Settings -> Two-Factor Authentication. Enable Google Authenticator. Required for API key creation.
Step 3: Create API Keys
Navigate to API Settings -> Create API Key. Set the following permissions:
- Read (balance, orders, positions) — required
- Trade (place and cancel orders) — required for a trading bot
- Withdraw — NEVER enable for a trading bot
In the IP restriction field, enter your VPS static IP address only. Coincheck will reject calls from any other IP.
Step 4: Store Credentials Securely
export COINCHECK_ACCESS_KEY="your_access_key_here"
export COINCHECK_SECRET_KEY="your_secret_key_here"
Step 5: Python Bot Example
import os
import time
import hmac
import hashlib
import requests
ACCESS_KEY = os.environ.get("COINCHECK_ACCESS_KEY")
SECRET_KEY = os.environ.get("COINCHECK_SECRET_KEY")
BASE_URL = "https://coincheck.com"
if not ACCESS_KEY or not SECRET_KEY:
raise RuntimeError("Coincheck credentials not set in environment variables")
def coincheck_headers(url: str, body: str = "") -> dict:
# Generate Coincheck HMAC-SHA256 authentication headers
nonce = str(int(time.time() * 1000))
message = nonce + url + body
signature = hmac.new(
SECRET_KEY.encode("utf-8"),
message.encode("utf-8"),
hashlib.sha256
).hexdigest()
return {
"ACCESS-KEY": ACCESS_KEY,
"ACCESS-NONCE": nonce,
"ACCESS-SIGNATURE": signature,
"Content-Type": "application/json",
}
def get_balance() -> dict:
# Fetch account balance
url = f"{BASE_URL}/api/accounts/balance"
resp = requests.get(url, headers=coincheck_headers(url), timeout=10)
resp.raise_for_status()
return resp.json()
def place_order(order_type: str, rate: float, amount: float, pair: str = "btc_jpy") -> dict:
# Place a limit order. order_type: 'buy' or 'sell'. Rate in JPY.
import json
body = json.dumps({
"pair": pair,
"order_type": order_type,
"rate": rate,
"amount": amount,
})
url = f"{BASE_URL}/api/exchange/orders"
resp = requests.post(url, headers=coincheck_headers(url, body), data=body, timeout=10)
resp.raise_for_status()
return resp.json()
if __name__ == "__main__":
bal = get_balance()
print("Balances:", bal)
Coincheck API security checklist:
- Permissions: Read + Trade only — never Withdraw
- IP restriction: VPS static IP only
- Credentials: OS environment variables — never hardcode
- Coincheck's HMAC-SHA256 uses a nonce (incrementing integer) — always use millisecond timestamps as nonces to ensure monotonic increase
Coincheck: Japan's Leading Crypto Platform
Coincheck is Japan's largest crypto exchange by user count and consistently ranks among Japan's top crypto platforms by trading volume, serving millions of Japanese retail investors seeking JPY-denominated crypto exposure. Monex Group's acquisition of Coincheck in 2018 (following the $530M NEM hack) provided regulatory capital and compliance infrastructure that transformed Coincheck from a startup into a regulated financial services provider with FSA (Japan Financial Services Agency) licensing. Post-acquisition Coincheck repaid all affected hack victims at face value, maintaining user trust through one of crypto's largest exchange incidents.
Coincheck's NFT marketplace specializes in Japanese-market NFTs and gaming assets, providing a JPY-native marketplace for Japanese NFT collectors without the friction of USD-denominated platforms. Coincheck IEO (Initial Exchange Offering) services allow blockchain projects to conduct token sales directly through Coincheck to its large Japanese user base, with strict KYC and AML compliance aligned with Japanese financial regulations. For Japan-focused exchange comparisons see bitFlyer and Liquid; for international CEX options with Japan support see Binance and Bybit. Use our crypto tools and DennTech blog for Asian exchange market coverage.
Coincheck's NFT marketplace specializes in game item tokenization — Japanese blockchain games like The Sandbox, Decentraland, and domestic Japanese NFT game projects list items on Coincheck NFT, providing a regulated, JPY-native marketplace for gaming NFT transactions. The platform's FSA licensing means Coincheck NFT operates under Japan's crypto asset exchange business regulations, providing buyers with legal protections and dispute mechanisms unavailable in international NFT marketplaces. Coincheck's IEO track record includes multiple successful token sales for Japanese blockchain projects, with the IEO vetting process serving as implicit due diligence that increases retail investor confidence in participating projects. Coincheck's integration with Monex Group's broader financial services provides users access to combined crypto and stock portfolio management, appealing to Japanese retail investors already using Monex's traditional brokerage services.
Coincheck's recurring purchase feature allows Japanese investors to automate regular BTC and ETH purchases on a dollar-cost-averaging schedule — monthly or weekly auto-purchases from a linked bank account without manual intervention per trade. This automated DCA product appeals to Japanese long-term crypto investors who want regular crypto exposure without active trading. Coincheck's integration with domestic Japanese payment rails (bank wire and convenience store payments) provides fiat on-ramp options that international exchanges cannot offer, making it the most accessible fiat gateway for Japanese retail users entering crypto.
Coincheck's user interface — available in Japanese and English — is optimized for simplicity rather than professional trading depth, making it particularly accessible for Japanese investors making their first crypto purchase through a trusted domestic brand. Coincheck's domestic brand recognition in Japan, amplified by high-profile TV advertising campaigns, gives it strong retail user acquisition advantages over international exchange competitors who lack Japan-specific marketing presence and Japanese-language customer support teams.