National / Crime & Legal

Japan's cryptocurrency hacking losses totaled ¥662 million in 2017, police agency says

Kyodo, JIJI

Total cryptocurrency losses in the nation due to hacking amounted to ¥662.4 million ($6.3 million) in 2017, the first tally carried out by police showed Thursday.

The National Police Agency is aware of 149 cases of illicit targeted cryptocurrency hacks last year.

In many cases hackers accessed a user’s “wallet,” where public and private keys used to account for and spend virtual currencies are stored. The thefts often saw cryptocurrencies, such as bitcoin, ethereum and ripple, get transferred to other accounts. A total of 16 exchanges registered with the government were hit, according to police.

Of the total damage, ¥453.5 million involved ripple, ¥194.4 million bitcoin, ¥5.3 million ethereum and ¥9.2 million NEM and others.

No cases were reported in January-March last year, while seven cases were reported in April and 41 in June. The figure stayed below 20 the following five months before rising to 25 in December.

Police have been unable to identify suspects in any of the cases.

Lax security measures likely aided hackers as only IDs and passwords were required to access accounts in 122 cases, accounting for more than 80 percent of total breaches.

Many cryptocurrency exchanges recommend customers utilize multifactor authentication systems for identity confirmation.

In late January, ¥58 billion worth of the cryptocurrency NEM was stolen from Tokyo-based exchange operator Coincheck Inc. in the largest such heist in history. Police are investigating the theft, which is believed to have been carried out with the help of a virus emailed to the firm’s employees.

Meanwhile, the number of illicit online transfers of yen and other established physical currencies involving Japan-based financial institutions stood at 425 in 2017, less than a quarter of the peak registered in 2014.

They included 24 cases in which funds were illegally remitted to accounts at cryptocurrency exchanges through electronic payments.

The number of internet banking remittance fraud cases fell to less than a quarter of peak levels and the amount of damage shrank to about a third, thanks chiefly to the use of one-time passwords, the NPA said.

Hackers may also have shifted their focus to cryptocurrency users, police said.