Earlier this month, major Japanese crypto exchange Zaif was hacked, losing $60 million worth of crypto in user funds.
The Financial Services Agency (FSA), the main financial watchdog of Japan, has stated that it regrets allowing Zaif to continue its operation after the exchange was given two warnings to drastically improve its system.
“It is extremely regrettable that such an incident happened when (Tech Bureau) was given two business improvement orders,” an FSA official said.
Two Warnings on System Failures and Fraudulent Withdrawals
On September 24, the Japanese government officially opened an investigation into Zaif to evaluate the attack method used to breach the exchange and the vulnerabilities the exchange had, in order to prevent similar cases from occurring in the near future.
Prior to the hack, the FSA issued two business improvement orders to Zaif, which were essentially warnings, to overhaul its internal management system and security measures to ensure that its system is operating without the risk of being compromised.
However, the exchange failed to comply and implement necessary changes to improve its infrastructure. It remains unclear whether the exchange simply did not have the resources and manpower to implement significant changes to its infrastructure or did not feel the need to update its systems.
Within months of the business improvement orders being issued, the exchange suffered a $60 million hack, becoming the second high-profile crypto exchange to be hacked, after the $500 million security breach of Coincheck.
Currently, the FSA and cybersecurity agencies perceive the root of the attack to be a hacked employee PC, a method utilized by a group of hackers who breached the internal management system of Bithumb and stole millions of dollars in crypto as well as customer data on the Bithumb platform.
“We have not received enough explanation on what exactly happened. What they told us is an employee’s PC was hacked,” a senior official at FSA said.
Already, the FSA and the Japanese government have streamlined the process of compensating investors affected by the hack. Almost immediately after the breach, acknowledging that it cannot repay $60 million to its investors, Zaif secured a deal with publicly-listed technology corporation Fisco.
In the weeks to come, Fisco is expected to pay over $40 million on behalf of Zaif in return for a majority stake in the crypto exchange.
Why Wasn’t Zaif Suspended?
In hindsight, officials at the FSA could have lawfully suspended Zaif, citing issues related to investor protection and company security. In South Korea, local agencies led by the Financial Services Commission (FSC) initiated an investigation into all of the country’s crypto exchanges.
In its findings, the FSC stated that Upbit, Korbit, Coinplug, Huobi, Bithumb and Coinone had decent security measures in place. The local crypto community was taken aback by the listing of Bithumb as a safe exchange, but the decision of the FSC was understandable given that it requested Bithumb to shut down its platform until the systems are fully improved.
More than 20 crypto exchanges in South Korea received orders to overhaul their systems within a period of 30 days.
In the months to come, as the FSA prepares to go through 160 applications filed by local businesses to operate as crypto exchanges, it is most likely that the agency will proactively stop trading platforms with weak security measures, which may be massively beneficial for the entire Asian market.