Osaka-based cryptocurrency operator Tech Bureau Corp. said Thursday it estimates that about ¥6.7 billion ($59.7 million) worth of bitcoin and other digital currencies were stolen from its Zaif platform after its systems were compromised.
In a statement, the company said the heist apparently took place last Friday between 5 p.m. and 7 p.m. when the hackers gained unauthorized access to the exchange’s hot wallets, which are less secure and where funds are held for immediate transactions, taking 5,966 bitcoins and unknown quantities of bitcoin cash and monacoin.
The exchange noticed the breach Monday. The company said it promptly reported the incident to the police and Financial Services Agency.
Later on Thursday, the FSA launched an investigation into whether Tech Bureau had the proper security measures in place to guard against the attack.
The financial watchdog has already issued two administrative warnings to the company over lax management earlier this year and is now mulling a third, according to government sources. It also surveyed all other exchanges in the country for similar breaches.
Tech Bureau, which was founded in 2014, plans to compensate its customers for the loss. The firm originally said about ¥6.7 billion was hacked, but the actual amount has yet to be confirmed as the server that was attacked has not been rebooted for security reasons. The startup also said it had reached an agreement with an affiliate of Fisco Ltd., a Tokyo-based financial markets research firm, who will provide it with ¥5 billion in funds that will go to compensating those whose coins were stolen.
In addition, Tech Bureau will sell a majority stake to Fisco’s group firm, which also runs a cryptocurrency exchange. Fisco also plans to send directors and an auditor to the startup in an effort to strengthen its internal management. Tech Bureau said its current managers will resign over the incident.
Japan has strengthened regulations governing cryptocurrency exchanges since April 2017, requiring them to register with the government and show they have adequate infrastructure and security measures in place to properly run such services. Yet this is the second major cybertheft from one of the country’s cryptocurrency exchanges this year. In January, ¥58 billion worth of NEM coins were stolen from Coincheck Inc.
Since the Coincheck incident, the regulatory body has tightened scrutiny of exchange operators even further, conducting on-site inspections and handing out business improvement orders to a number of companies, including Tech Bureau.
In March, the FSA ordered the firm to strengthen its management structure for handling risk within its system. The watchdog issued another administrative warning in June, pointing to lapses in internal management, internal audit capabilities, measures to counter money laundering and a viable system to properly protect the assets of its customers.
Tech Bureau is a registered operator, while Coincheck was operating on a tentative basis and had yet to receive formal approval.
According to the National Police Agency, the number of cryptocurrency hacking incidents during the first six months of the year increased threefold from a year earlier to 158.
The total amount stolen skyrocketed from ¥115 million to ¥60.53 billion during the same period, largely due to the Coincheck incident.
Information from Kyodo added
In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.