Japanese Exchange Zaif Hacked, Loses $59.7 Million USD
Japanese exchange Zaif has suspended deposits and withdrawals after announcing a hack that saw ¥6.7 billion JPY ($59.7 million USD) worth of bitcoin, and unknown amounts in monacoin and bitcoin cash, leave its hot wallets over a period of days. The company has apologized to customers, reached a basic agreement with investors to compensate customers, and reported the incident to Japan’s regulator, the Financial Services Agency (FSA).
Subscribe to the Bitsonline YouTube channel for great videos featuring industry insiders & experts
Zaif Suspends Deposits and Withdrawals Following Sept 14th Incident
In a press statement posted online, Zaif said it first suspended withdrawals and deposits around 5:00PM local time on September 14th after noticing “unauthorized” withdrawals in the three digital assets mentioned. It recorded a server malfunction on September 17th and notified the authorities after confirming a hack the following day.
— Zaif – 暗号通貨取引所 (@zaifdotjp) September 19, 2018
The company apologized for “betraying the trust of customers who depend on us to keep their assets safe,” and promised a more detailed explanation once more facts are known. So far, the statement read, it can only confirm 5,966 BTC was stolen. It cannot yet ascertain the exact amounts of monacoin (MONA) and BCH lost as it has not yet restarted the relevant servers.
Of the lost funds, ¥2.2 billion were in the company’s own assets and ¥4.5 billion were in customer funds. It claimed the majority of customers’ deposits are kept in cold storage, while the attack targeted “hot wallets” (online wallets necessary to maintain regular trading volumes).
Negotiating Compensation Deal for Customers
Osaka-based Zaif is operated by Tech Bureau, a subsidiary of Fisco Digital Asset Group Co., Ltd, part of the JASDAQ-listed Fiscal Co. It said it has formed a basic agreement (specifics still under negotiation) with Fisco for ¥5 billion assistance to cover the losses by the end of the month, in return for over half its shares and a number of board positions.
It has also formed a separate basic agreement with Japan’s Caica Corporation to provide security technology to strengthen future operations.
Following the notorious Mt. Gox shutdown and 800,000+ BTC theft in February 2014 and its aftermath, plus a 500 million NEM (XEM) theft at Coincheck in January 2018, Japan’s regulators have taken a strict approach towards monitoring cryptocurrency exchanges.
Japan Regulators Concerned Over Exchange Operations
The industry has often fumed at the stringent reporting requirements the government imposed after new laws were activated in April 2018. Kraken, once a darling of the Japanese government, ceased operations in the country in July 2018, and bitFlyer suspended many of its customers’ accounts for weeks-long reviews following accusations of criminal money entering its system.
Zaif (which comes from the Japanese word for “wallet”) would have likely faced harsh sanctions if it failed to compensate losses. The company has promised to provide information and restart services as promptly as possible.
Japan is home to one of the world’s largest (if not the largest) digital asset trading markets. The sheer value of these volumes make the country’s exchanges a ripe target for hackers.
Do you know anyone who uses the Zaif exchange? What should exchanges do to improve hot wallet security? Feel free to share your thoughts in the comments.
Images via Zaif, Pixabay