Japan's Financial Services Agency issued the order to Coincheck for not having sufficient security measures to prevent such attacks, with agency officials also saying the company has a poor standard of customer service.
The agency instructed Coincheck to investigate the cause of the security breach and report its future preventative measures back to it by Feb. 13.
The losses of the NEM cryptocurrency in the Coincheck incident were the largest ever in a security breach, and the firm has been instructed by the agency to reimburse its customers.
On Friday, the virtual currency exchange halted the majority of its operations, stating later that all of its customers' holdings of NEM coins had been stolen.
Coincheck said that 260,000 of its customers affected would be compensated for the 46 billion yen (422 million U.S. dollars) in cash that was lost at the time.
Many customers were irate, however, as the amount reflected a lower rate of NEM coins, and the announcement was made after news of the possible theft had become public.
The coins were being stored in a digital wallet, Coincheck said, which is not as secure as an offline wallet. Coincheck had previously been warned by Japan's financial watchdog about storing its coins in this way.
Japan's top government spokesperson, Chief Cabinet Secretary Yoshihide Suga, said on Monday the government was investigating the incident.
Tokyo's Metropolitan Police Department will also begin a probe into the case, he said.
In 2014, Mt. Gox, another Tokyo-based virtual currency exchange, suspended operations on its exchange after a number of cyber attacks leading to bitcoin worth 48 billion yen (440 million U.S. dollars) being stolen.
Following the Mt. Gox incident, the government changed the law and made it a requirement that virtual exchanges register with the government from April 2017.
However, Coincheck's registration with the government is still awaiting approval.