Spot trading in the carbon market resumed today as five national carbon registries re-opened following last month’s cyber attacks. But trading volumes remained low as traders expressed fears that they could inadvertently purchase stolen credits.

As of 1pm, only 25,000 EU allowances (EUAs) and 10,000 certified emission reduction (CERs) credits had been traded on the BlueNext carbon exchange. On a typical day hundreds of thousands of credits are traded on the spot market and volumes of EUAs traded on the BlueNext can top one million units.

Meanwhile, the ICE carbon exchange and Green Exchange remained suspended, while no spot trading took place on the EEX exchange.

“One trader told me this morning that people are basically ‘scared of the stolen shit’,” said Alessandro Vitelli of analyst firm IDEAcarbon, referring to the estimated €30m (£25m) of carbon credits that were stolen in a cyber attack on the Czech national carbon registry last month.

“There is still no official list of the stolen EUAs so there is no guarantee that you are not going to buy them,” he explained. “Some traders are saying that they are just not bothering with the market until the issue is resolved.”

Where spot trades are taking place firms are having to offer credits at a significant discount to carbon futures in order to offload them.

The re-opening of registries in France, Germany, the Netherlands, Slovakia and the UK comes after the countries passed European Commission cyber security tests allowing them to re-start operations.

Further registries are expected to re-open next week, but there are concerns that some registries in Eastern Europe could stay closed until March or April.

Meanwhile, analyst firm Point Carbon today estimated that the suspension in spot trading has blocked €110m of market activity.

“Based on the average spot volume so far this year, Point Carbon Thomson Reuters estimates the value of the lost spot trading since 19 January to be in the order of €110 million,” said Kjersti Ulset, head of European Carbon analysis at the company.

She added that the European Commission must continue to step up cyber security measures and undertake a full investigation into the attacks.

“Investigations must continue to find out exactly what happened, and issues related to liability and financial compensation for stolen allowances must be clarified,” she said. “Thomson Reuters Point Carbon has acquired a list of the IDs of the stolen allowances that we have provided to our customers, but it is important that the Commission and Member States also provide clarity on the legal status of these allowances.”