Forced Deal and FSA Scrutiny: What Do We Know About Japan’s Latest Hack

This post was originally published on this site

How hackers stole $59 million from Zaif.

This week, yet another major hack occurred in Japan: Hackers stole around $59 million worth of cryptocurrencies from local cryptocurrency exchange Zaif. It took several days for the platform to notice the breach, and now it has fallen under the tight scrutiny of the country’s regulator. The company that owns Zaif has already agreed to sell its majority stake to cover the losses.

Zaif was already under the FSA’s scope

Zaif was founded in May 2014 by Osaka-based startup Tech Bureau Inc. It is one of the 16 crypto exchanges in Japan which have received approval from Financial Services Agency (FSA) — since the amendment of Payment Services Act in April 2017, all crypto exchanges in the country are required to register with the regulator.

Zaif has received “punishment notices” — or business improvement orders — from the FSA at least twice this year: the first one on March 8 and the second on June 22. Specifically, in March, Zaif was one of the seven exchanges criticized for a lack of “the proper and required internal control systems” by the watchdog. The FSA has been keeping a tight grip on local exchanges, firmly reacting to security breaches after two high-profile scandals: January’s unprecedented $532 million Coincheck hack (the exchange was not registered with the FSA at the time) and the infamous collapse of Tokyo-based Mt. Gox.

Now, according to government sources cited by Japan Times, the exchange is in danger of getting a third warning from the FSA, which also inspected all the other exchanges in the country for similar breaches.

Almost $60 million was stolen, but the amount might be even higher

According to Cointelegraph Japan, the security breach occurred on Sept. 14 and lasted for two hours — between 5 p.m. and 7 p.m. local time. As a result of the attack, the hackers managed to steal 4.5 billion yen (roughly $40.1 million) from users’ hot wallets as well as 2.2 billion yen (around $19.6 million) from the assets of the company, with total losses amounting to 6.7 billion yen, or around $59.7 million. Specifically, the fraudsters stole 5,966 Bitcoin (BTC). Two other stolen assets include Bitcoin Cash (BCH) and MonaCoin (MONA), however it is unclear how much of those were drained from the exchange, as the actual amount will be confirmed once the servers are back online.

Tech Bureau hasn’t disclosed any more details about the hack, citing a criminal investigation that has been launched by the FSA.

It took several days for the exchange to detect the security breach

According to Tech Bureau’s press release, the exchange spotted a server error on Sept. 17, after which Zaif suspended deposits and withdrawals. On Sept. 18, the exchange realized that the error was a hack and reported the incident to the police and the FSA.

It wasn’t the first time

In February 2018, Zaif admitted to a “system glitch” that allowed users to temporarily acquire trillions of dollars worth of Bitcoin (BTC) for free.

Similar to this time, Zaif reported the breach after several days — on Feb. 20, they made a post on their site explaining that for 18 minutes on Feb. 16, users accidentally found themselves able to ‘trade’ yen for virtual currency — at an exchange rate of zero yen per coin.

According to reports, seven users were able to obtain crypto for “free,” but the exchange managed to cancel all illicitly-gained transactions. Specifically, one “buyer” made an attempt to sell 2,200 trillion yen (about $20 trillion) in Bitcoin before the problem was resolved.

Users took to social media to complain about the exchange’s poor back-end performance and lack of support.

The exchange has already taken its toll

According to Fortune sources, the FSA has asked Tech Bureau to submit a report on the breach. Additionally, it plans to conduct an on-site inspection of the company’s offices after receiving the document.

Meanwhile, Tech Bureau has promised to refund clients who lost assets due to the attack, and “immediately” signed a deal with a Fisco Ltd., a Tokyo-based financial markets research firm which also has a cryptocurrency exchange in their operation. The Osaka-based startup will reportedly receive 5 billion yen (roughly $44.5 million) in exchange for selling a large stake of the company, making Fisco the majority shareholder. Moreover, as per the agreement, the startup will reportedly have to dismiss more than half of its directors and corporate auditors.

Currently, Zaif is the 37th largest cryptocurrency exchange by reported turnover, and its daily change volume is down 17 percent, according to CoinMarketCap.