Cybercriminals have been targeting cryptocurrency exchanges with increasing frequency. The latest name to succumb to such attacks is of Zaif, a regulated Japanese cryptocurrency exchange. At least 5,966 Bitcoins were stolen by hackers - resulting in an estimated financial damage close to that of $60 Million.
Tech Bureau Inc, the parent firm of Zaif, stated that the exchange detected abnormal server activity on Monday, the 16th of September. Following this, they immediately halted their withdrawals, deposits and merchant payment services. In an investigation, Zaif discovered that their hot wallet was accessed on the 14th of September between 17:00 and 19:00 hours. The company commented on this, saying:
Some of the deposit and withdrawal hot wallets were hacked by unauthorized access from the outside, and part of the virtual currencies managed by us was illegally discharged to the outside.
While 5,966 Bitcoins have been stolen, the company also suspects that Bitcoin Cash (BCH) and MonaCoin (MONA) cryptocurrencies have also been stolen. The company is still investigating as to how many BCH and MONA have been stolen. The extent of the damage remains unknown till the company can be assured that restarting their server will not result in a further theft. However, the company has stated that the total damage (including BCH and MONA) is not beyond $60 Million.
It is estimated that the total loss due to the damage…is equivalent to about 6.7 billion yen [~US$60 million] (including MONA and BCH) in Japanese yen.
Reportedly, a portion of the currencies that were stolen belonged to the exchange as well. However, a majority of the currencies that were lost were owned by the users of the exchange. The company has clarified that they lost close to 2.2 Billion Yen ($19.6 Million) while the users have lost 4.5 Billion Yen ($40 Million) worth of cryptocurrencies.
The company is immediately looking forward towards repaying those who have lost their money in this hack. Tech Bureau has asked for 5 Billion Yen ($44.6 Million) from a subsidiary firm of Fisco Ltd. which would help them repay their users. Further, the company has also reported this incident to the Treasury Department of Japan, stating that ‘this case is a criminal case’. An official government investigation has been requested into this matter. The company further stated that:
Currently, we are checking and strengthening security, rebuilding the server, etc., in order to restart the system of depositing / withdrawing virtual currency.
Cryptocurrency exchange Zaif has been around since 2014 and was a trusted name in the Japanese cryptocurrency markets. The company is based in Osaka and is one of the 16 government-approved cryptocurrency exchanges in Japan - which is a rare honour as hundreds of other exchanges want to attain this status. Japan has been very strict about issuing this official status to cryptocurrency exchanges following the CoinCheck hack from earlier this year. While Zaif will have to answer some questions, the FSA too needs to introspect on what went wrong with their security standards.
Japan’s Financial Services Agency (FSA) which issues this regulated status, had sent Zaif two business improvement orders, asking them to step up their security to the recommended standards - the first of which came in March and the second of which came in June. Zaif was in a controversy earlier this year too, when it accidentally gave away Bitcoins for free.