Japan’s FSA Tells Crypto Exchange Operator to Pony Up Info on Zaif Hack
Tech Bureau Corp, a Japanese cryptocurrency operator whose Zaif exchange was hacked for nearly $60 million USD in crypto last week, has been told by Japan’s Financial Services Agency that it needs to be considerably more forthright in the aftermath of the incident.
Subscribe to the Bitsonline YouTube channel for great videos featuring industry insiders & experts
Hackers Gonna Hack, Regulators Gonna Regulate
On September 25th, Japan’s FSA, the nation’s top financial regulator, told Tech Bureau Corp of Osaka that the cryptocurrency exchange operator needs to immediately provide more details on the recent Zaif hack or alternatively justify its slow response thus far.
Zaif was originally hacked on September 14th, with the malicious nature of the incident being formally confirmed and reported to the police four days later on September 18th. The hacker or hackers were able to make off with millions of dollars worth of various cryptocurrencies.
Since then, Tech Bureau Corp has provided few details or future-minded plans, e.g. how customer reparations will be broached, so the FSA has sent the company a formal order for increased transparency around the hack. It will have been the third formal order the agency has sent to the firm this year — a previous one notably addressed the need for improvements in the company’s internal risk management system.
Indeed, specifics are scarce for now; an FSA official told a press pool that the operator believed one of its employees’ computers were penetrated, though an attack vector wasn’t provided.
Exchange Employees Are Growing Targets
While it’s too early to know exactly what happened in the Zaif hacked, if Tech Bureau Corp’s explanation pans out, it won’t be surprising.
That’s because crypto exchange employees being targeted by hackers is a trend that’s only set to increase in the years ahead.
In a recent article, Bitsonline outlined a series of critical security threats in the cryptoverse that users should stay vigilant over. These threats included vectors like keyloggers, SIM swappers, DNS hijacks, and we also touched upon exchange employees being security holes.
Specifically, we noted that such employees were prime targets for phishing attacks, as they and their devices provide singular weak points through which exchanges’ internal systems can be compromised.
It’s unquestionably a thread to keep an eye on. And, accordingly, look for crypto enterprises to only get that much more serious about their respective security practices going forward. Their “chains” will only be as strong as their weakest links, as it goes.
What’s your take? Is the FSA taking the right approach here? Let us know in the comments section below.
Images via Pixabay