Another Cryptocurrency Exchange Hack Hits Japan [UPDATED]
Update (September 21, 2018): Blockchain forensic company Blocktrace has traced some of the bitcoin stolen from Zaif to cryptocurrency exchange Binance.
“I can confirm that the hack started on the 14th as that's when I saw the withdrawal of 5,966 Bitcoin,” Blocktrace founder Shaun MaGruder told Bitcoin Magazine.
Initially, the bitcoin were moved to this address. From there, the hackers have begun “layering” the transactions, he said. In other words, breaking up the funds into smaller and smaller amounts to hide the origin of the money.Some of the funds have made their way to Binance, where MaGruder says the know-your-customer process is “not as strict” as other exchanges.
“Even though you have to upload your ID when verifying account, they are not making sure it is actually you,” MaGruder said. Once there, the hacker(s) will likely swap the bitcoin for another coin, before moving the funds to an exchange that has fiat banking. Binance only offers crypto-to-crypto trades.
Another cryptocurrency heist has shaken Japan. This time, 6.7 billion yen ($60 million USD) worth of company and user funds have vanished from Japanese cryptocurrency exchange platform Zaif.
Tech Bureau Corp, the Osaka-based company that operates Zaif, estimates the heist occured on September 14, 2018, between 5 p.m. and 7 p.m. local time. The exchange detected the breach on September 17, 2018, and reported the event to authorities the following day.
Of the stolen money, the hacker siphoned 4.5 billion yen (about $40 million USD) from user accounts and 2.2 billion yen (just under 19.5 million USD) from the company’s own assets. The three virtual currencies stolen include bitcoin, monacoin and bitcoin cash. Of those, $37.8 million were bitcoin funds (5,966 BTC).
Tech Bureau Corp will be able to tell the exact number of bitcoin cash and monacoin stolen once it gets its servers back up. All the cryptocurrency was taken from a server managing its hot wallet. A hot wallet refers to a wallet that remains online for immediate transactions. In contrast, a cold wallet represents more secure, long-term storage that is kept offline.
Japan’s Financial Services Agency (FSA) has already issued two business improvement orders (one in March 2018, the other in June 2018) to Tech Bureau Corp for its lax management structure. Now the financial watchdog is considering issuing a third warning, reports the Japan Times.
The exchange has suspended all services for now but plans to get back online once it has secured its network. It also intends to pay back its customers and has already secured a 5 billion yen ($44.5 million) loan from Fisco Digital Asset Group. In addition, Tech Bureau Corp will sell a majority stake of its company to Fisco, which owns its own exchange. According to Japan Times, Fisco will send in directors and an auditor while Tech Bureau’s own managers will resign over the incident.
The hack represents another setback in a country that has been trying to regulate its cryptocurrency exchanges with the same level of oversight it does banks. Early this year, Tokyo-based Coincheck saw a loss of $530 million worth of NEM tokens. That hack represented one of the largest financial losses since the introduction of bitcoin. Coincheck has since been acquired by Monex.
Since April 2017, Japan has required all of its crypto exchanges to be licensed. Both Coincheck and Tech Bureau Corp were founded in 2014, before the new laws went into effect. Coincheck was not fully licensed at the time it was hacked, but Tech Bureau Corp is a registered exchange.