$60 million stolen from Japan’s Zaif cryptocurrency exchange

Posted: 20 September 2018 2:48 pm

Hot wallets are hot targets.

When we came in on Monday, the money was all gone – to paraphrase employees of Tech Bureau's Zaif exchange in Japan.

The hack itself took place over a period of about two hours until 7pm Osaka time on Friday, the Japan Times reports. But a system abnormality wasn't detected until Monday, Zaif didn't realise the money was gone until Tuesday, and the news didn't break until Thursday. So someone at Zaif is having a really hellish week.

The timing of the attack, coming in right at the end of business hours on a Friday, is almost certainly no coincidence. It looks like the attacker aimed to buy some time over the weekend, and it seems to have worked.

It's being reported that about US$60 million of cryptocurrency, including bitcoin, Monacoin and Bitcoin Cash, was pulled out of the exchange's hot wallet. One-third of the funds belonged to the exchange, while the other two-thirds was customer money.

Taking precautions

Japan's exchanges and regulators went on high alert following the monumental CoinCheck heist, in which about half a billion dollars were pulled out of Japan's CoinCheck exchange. It remains one of cryptocurrency's largest single thefts to date.

In the aftermath of CoinCheck, Japan's Financial Services Authority (FSA) swept 15 exchanges across the country, including Zaif.

Of the exchanges swept, seven were ordered to carry out certain improvements while two were ordered to suspend trading. The investigation in general found an industry full of security holes, and occasionally marred by exchange staff toying with customer funds for personal use.


Zaif might have been somewhere in the middle of the pack. It's been slapped with two FSA business improvement orders this year, but there was nothing so egregious that it was ordered shuttered. But just like CoinCheck, this particular attack went after an exchange's hot wallet.

Current crypto industry best practice is for as much of the funds as possible, typically over 90% of all customer funds, to be kept in an offline cold wallet at any given time. Most security experts would probably agree that Zaif had no business leaving so much money in a hot wallet.

After the hack, Tech Bureau said it agreed to receive a $44.59 million bailout from Fisco Ltd. In exchange, Fisco would get majority ownership. The value of Fisco's investment is still subject to change though, it said, if further investigation uncovers a different value of funds stolen.

If there's anything to be learned from the ongoing tendency of Japan's exchanges to experience enormous hacks, other than not to leave millions of dollars in a hot wallet, it's that Japan's crypto exchanges are still doing roaring business, and that exchange security should not be taken for granted.

Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and ADA.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.
