* Czech registry says closure may last beyond EU deadline
* EU official says to phase re-opening of spot trade
* Up to 2 mln EUAs stolen, worth nearly 30 mln euros-EU
By Pete Harrison and Michael Kahn
BRUSSELS/PRAGUE, Jan 20 (Reuters) - The European Union will re-open its emissions trading scheme step by step as security improves, after a possibly concerted theft by hackers of carbon permits worth up to 30 million euros ($40.5 million), EU officials said.
The EU on Wednesday imposed a week-long freeze on spot trade in its carbon market, the bloc's chief weapon for fighting climate change, after emissions permits called EU allowances (EUAs) were stolen from accounts in the Czech Republic and Austria.
But a wholesale reopening by Jan. 26 appeared in doubt after the Czech carbon registry said on Thursday it would be closed indefinitely.
An EU spokeswoman said that the theft may have resulted from "concerted action", but ruled out deliberate sabotage.
The EU ETS caps nearly half the bloc's carbon emissions by allocating a fixed quota of EUAs to factories and power plants.
"For us at this stage, it is theft, not sabotage. It could be possible that it is concerted action, because the recent incidence, they happened within the last five days," the Commission's climate action spokeswoman Maria Kokkonen told a regular briefing.
"The member states are now investigating. We are in close contact," she said.
Asked when trade might resume, she said: "It depends (on) the action and the speed of reaction of the member states. Some 14 registries in the 27 member state bloc are not up to scratch at present, she added.
A senior official at the EU's executive Commission, who declined to be named, said the suspension would be lifted in phases, starting with registries that proved their security.
Germany's registry successfully foiled an attack a few weeks ago, said a second senior official. "The red line was raised." EU officials could not rule out the possibility that regular traders had perpetrated the theft.
In all up to 2 million EUAs were stolen, worth 28.7 million euros at Thursday's prices, said Jos Delbeke, the head of the Commission's climate action division.
Freezing of the spot market has not blocked a much bigger trade in futures, though that was subdued at about half normal volumes as traders vented anger at another scandal to hit the scheme. The price of benchmark EUAs was down 3 cents on the day at 14.35 euros at 1415 GMT.
The latest attack follows a multi-billion-euro VAT fraud, a phishing scam and a scandal involving the re-sale of used carbon credits.
"This market is really suffering, and once again we are revisited by the same issues of fraud," said one trader.
The United States, Japan and Australia have all delayed implementing cap and trade schemes, and the latest glitch to the EU system -- by far the largest in the world -- could detract further from global adoption.
"You don't want to have a whole bunch of reputational problems; it discourages other countries taking the same route," said Trevor Sikorski, a carbon analyst at Barclays Capital.
The Czech carbon registry said it would remain closed for an indefinite period following a similar statement by the Austrian registry, target of a Jan. 10 hacking attack, on Tuesday.
The International Emissions Trading Association, a carbon trading lobby group, said it wanted clarity on recovering the estimated 475,000 EUAs missing from the Czech registry. (Additional reporting by Nina Chestney in London, writing by Gerard Wynn; editing by Anthony Barker and Veronica Brown)