Barely before the ink had dried on the news that Japanese cryptocurrency exchange Zaif had been hacked and slightly less than US$60 million stolen, the National Police Agency (NPA) of Japan has released a report highlighting the vulnerability of Japan’s crypto space.
According to the NPA, the number of incidents involving the theft of funds from cryptocurrency exchanges and individual accounts tripled in the first half of this year compared to a similar period last year. Initially reported by The Asahi Shimbun, the amounts stolen so far this year are far in excess of what was looted last year.
During the entire 2017, a total of 149 cases were reported and more than 660 million yen was stolen but so far this year more than 60 billion yen has been stolen with the reported incidents in the year’s first half reaching 158. Most of the cryptocurrency holdings stolen this year were seized in the hacking of the cryptocurrency exchange Coincheck which lost about 58 billion yen to hackers in January this year.
Poor Security Safeguards
In the cryptocurrency thefts targeting individual accounts, over 60% of the incidents involved the use of similar login details across online accounts and platforms, according to the National Police Agency. With regards to the cryptocurrencies stolen, XRP was among the most targeted digital asset with 1.52 billion yen worth of the digital stolen seized in 42 cases.
Bitcoin was also highly targeted as 94 incidents were reported where 860 million yen worth of the flagship cryptocurrency was stolen. In the Coincheck hacking, the NEM cryptocurrency was the main target as CCN reported earlier in the year.
After the Coincheck incident in January the industry regulator Financial Services Agency (FSA) intensified efforts aimed at disciplining cryptocurrency exchanges. Though it remains to be seen, the hacking of Zaif is likely to have an impact on the ongoing regulatory review of the sector by the FSA. This is especially so in light of the fact that earlier this year regulators had slapped Tech Bureau Corp, Zaif’s parent company, with two business improvement orders.
Hot Wallet Vulnerability
And just like in the case of the Coincheck theft, Zaif is also understood to have kept the affected cryptocurrency holdings in a hot wallet. Most of the digital assets that were stolen belonged to clients – worth around 4.5 billion yen while less than half of that (worth about 2.2 billion yen) belonged to the cryptocurrency exchange. After the hacking Tech Bureau Corp revealed that Fisco Ltd, a company listed on the JASDAQ, would be acquiring a majority stake in the firm for approximately 5 billion yen.
“We will prepare measures so that customers’ assets will not be affected,” said Tech Bureau Corp in a statement.