Another major security breach has rattled the Japanese cryptocurrency space. Zaif, a cryptocurrency exchange operated by the startup Tech Bureau confirmed Sep 20, 2018, that it fell victim to a cyberheist with the perpetrators getting away with no less than 6.7 billion yen (approximately $60 million).
The company said it has already kicked off remedial measures to compensate the affected investors.
The Japan-based crypto exchange says it first detected an unusually high outflow of funds at around 17:00 hours on September 14. Shortly after the discovery, Zaif temporarily suspended all withdrawal and deposit services.
According to Reuters, the exchange was further alarmed by server problems on Sep 17, which led to the discovery of the breach. Zaif reportedly notified Japanese authorities the following day.
Among the stolen coins were 5,966 bitcoins, as well as two other cryptocurrencies. Coins worth 2.2 billion yen belonged to Zain’s own reserves, whereas approximately 4.5 billion yen belonged to customers. All the stolen tokens were kept in so-called “hot wallets”.
Hot Wallets are connected to the internet, which according to security experts, makes them much more vulnerable compared to “Cold Wallets.”
Zaif says the attack spanned nearly two hours, adding that it is committed to mitigating any technological loophole that may have led to the breach.
As a quick remedial measure, Tech Bureau inked a deal with JASDAQ-listed Fisco Ltd shortly after the discovery of the attack. Per the deal, Fisco will invest 5 billion yen (approximately $45 million) in exchange for a majority stake in Zaif.
The funds raised from the deal will be used to refund Zaif users who lost their digital assets during the heist.
Fisco confirmed the deal and added that the 5 billion yen in “financial assistance” could change in value if the stolen amount is found to be higher than what Zaif had previously stated.
Japan’s financial regulatory body FSA is yet to make an official remark regarding the Zaif hack. However, Reuters claims to be in possession of documents that suggest FSA is preparing to conduct emergency checks on the country’s cryptocurrency exchanges to verify whether or not they are taking appropriate measures to safeguards investors’ deposits.
Japan’s crypto space has witnessed a series of high-profile cyberheists that have got investors and regulators worried over the reliability of digital assets exchanges. FSA has been particularly watchful of the industry ever since the Tokyo-based exchange Coincheck Inc. lost digital coins worth $530 million in a cyberheist earlier in Jan 2018. Shortly after the attack, Coincheck was acquired by Monex Group Inc., one of Japan’s leading brokerage firms.
FSA, with the help of other concerned authorities, conducted an exhaustive industry-wide check following the hack of Coincheck. The regulators found that many of the exchanges examined were run with sloppy management and security practices, including serious vulnerability to sophisticated cyber attacks, as well as the lack of even basic anti-money laundering practices.