Bitpoint Hack Shows That Regulators’ Scrutiny Does Not Equal Safety

Published at: July 16, 2019

On July 12, 2019, Tokyo-headquartered cryptocurrency exchange Bitpoint promptly suspended its services after noticing an error in the outgoing funds transfer system. Soon, an official announcement followed, revealing that the trading platform had lost around 3.5 billion yen (roughly $32 million) as a result of a security breach. The exchange’s administration has managed to find a portion of the missing funds since the initial announcement was published. Nevertheless, the security breach seems to continue the streak of hacks targeting Japan-based exchanges.

Details of the hack

According to the breakdown of the hack published by Bitpoint’s parent firm, Remixpoint Inc., Bitcoin (BTC) accounted for the highest share of total losses. The total amount of stolen BTC (1,225) is worth over 15 billion yen (just over $138 million). Further, over 28 million XRP (10 billion yen, or $92 million) and 11,169 ETH (3.3 billion yen, or $30 million were taken away by the hackers. Additionally, the fraudsters stole 1,985 Bitcoin Cash (BCH) and 5,108 Litecoin (LTC), worth 1,2 billion yen, or $11 million. 

The breach occurred due to unauthorized access to the private keys of its hot wallet, Remixpoint Inc. indicated in the document. Bloomberg has reported that shares of the company shed 19% after the news of the incident surfaced and became untraded in Tokyo at some point due to what the publication called “a glut of sell orders.”

Later, on July 14, local English-language publication The Mainichi reported that Bitpoint has discovered over 250 million yen (around $2.3 million) in cryptocurrency on overseas exchanges that were using a trading system provided by Bitpoint Japan. The exchange’s spokesperson reportedly told The Mainichi that the recent discovery brings the total sum of lost founds down from 3.5 billion yen (about $32 million) to 3.02 billion yen (approximately $28 million).

Related: Round-Up of Crypto Exchange Hacks So Far in 2019 — How Can They Be Stopped?

Genki Oda, founder and CEO of Bitpoint, told Cointelegraph that his platform is going to compensate its users, although without mentioning any specific time frame. Additionally, Oda said it was in touch with fellow exchanges Binance and Huobi regarding the freezing of stolen funds that have allegedly ended up in their wallets following the security breach. Such collaboration with other trading platforms is a common method of mitigating cryptocurrency hacks, as it prevents fraudsters from cashing-in on their loot. “If you know other way for locking or getting back the hacked crypto, please let us know the ways,” Oda added.

Moreover, Bitpont has announced it is going to compensate customers in cryptocurrencies rather than in their equivalent fiat value.

The FSA and Japan’s regulatory regime

Although Japan is one of the very few countries where cryptocurrencies can be used as legally accepted means of payment, the Japanese Financial Services Agency (FSA) — the country’s financial watchdog — has been noticeably nervous ever since the infamous Coincheck and Mt. Gox hacks. Since the amendment of Japan’s Payment Services Act in April 2017, all crypto exchanges in the country are required to register with the FSA. 

Notably, Bitpoint was one of the approximately 16 local exchanges that has been licensed by the regulator as a result of its rigorous inspections of industry players, which include on-site inspections. According to Nikkei Asian Review, Bitpoint received an operational improvement order from the FSA last year, as the regulators concluded that “its internal controls were flawed,” but it was lifted at the end of last month — just two weeks before the hack occurred.

Related: Grand Theft Crypto: The State of Cryptocurrency-Stealing Malware and Other Nasty Techniques

Koji Higashi, a Japanese market analyst and the founder of Koinup, told Cointelegraph that the FSA’s scrutiny does not necessarily ensure that its subjects have stronger protection in place. Conversely, it could lead to a reduction in safety, Higashi continued:

“I don't think it's a reasonable assumption that being regulated by the FSA closely ensures safety of exchanges. After two major hack incidents that took place in Japan, the FSA tightened the enforcement significantly to prevent any more hacks, but they are by no means security experts. Also, as far as I understand, their main focus seemed to be more on KYC/AML. In some situations, I have heard before that their scrutiny is the reason to put pressure on exchanges financially and lose its focus on security.”

Maurizio Raffone, CEO at Tokyo-based Finetiq Ltd., sees these hacks “as teething problems for a developing market.” He told Cointelegraph:

“Japan’s cryptocurrency exchanges are suffering from their own success as volumes are strong and attract the unwanted attention of cyber attacks. The FSA is actively reviewing the exchange’s operations, issuing improvement orders and so forth but there will always be human error, particularly in an industry that has grown so much, so quickly.”

Jeff Wentworth, co-founder of Curvegrid, another blockchain startup based in Tokyo, seems to agree with that statement, stressing that the hacking problem is not exclusive to Japan:

“I don’t think any country has been immune to financial system hacks, including crypto exchange hacks. Japan is probably seen to be more targeted because it has a larger number of well-capitalized crypto/fiat exchanges versus other jurisdictions.”

Some experts believe the FSA might strengthen its regulation even further as a result of the hack. Wentworth told Cointelegraph:

“I’m sure there will be additional regulatory scrutiny which could lead to tighter requirements for getting licensed. The FSA has shown itself to be both fairly pro-active and fairly fluent in cryptocurrency, so it might just mean an acceleration of already in-flight measures. Computer security is hard, and just as traditional banks will continue to battle hackers, so will crypto exchanges.”

Higashi, on the other hand, is not certain it could be the case, saying:

“According to this website which tracks and compares BTC stock trading volume in Japan, Bitpoint ranks just 7th and their reported BTC trading share is just 2.5% in June. From that standpoint, this incident was minor compared to the Coincheck and Zaif hacks and thus it's possible that the incident may have a minimal impact on the regulation.”

As for now, it seems safe to assume that the level of the FSA’s scrutiny does not necessarily correlate with the safety of the exchanges it oversees. Nevertheless, this year has seen an unprecedented amount of security breaches in the crypto space, which means that some proactive steps should be taken by both players and participants.

Tags
Related Posts
0x DEX Protocol Suspended Because of Vulnerability, Funds Safe
The Ethereum (ETH) smart contract of 0x (ZRX) decentralized exchange (DEX) protocol has been suspended after a vulnerability has been uncovered in its code, the project’s team announced in a Medium post published on July 13. Per the announcement, third-party security researcher samczsun warned the 0x team about the vulnerability in the exchange smart contract and, after evaluating it, the team suspended the exchange’s contract and the AssetProxy contracts. The vulnerability would have allowed an attacker to fill certain orders with invalid signatures. The announcement reassures that one has exploited this vulnerability and no users have lost their funds. The …
Ethereum / July 13, 2019
Ethereum Classic 51% Attackers Allegedly Returned $100,000 to Crypto Exchange
The Ethereum Classic 51 percent attacker has reportedly returned $100,000 to cryptocurrency exchange Gate.io, a post on the official exchange’s blog reports on Jan. 12. The company further noted that they tried contacting the attacker but didn’t get any reply until now, and that they do not know the reason why the funds have been returned. The exchange declared: “If the attacker didn't run it for profit, he might be a white hacker who wanted to remind people the risks in blockchain consensus and hashing power security.” A white hat hacker is a hacker with a strong professional ethic who …
Altcoin / Jan. 13, 2019
Mt. Gox Opens Online Rehabilitation Claim Filing System for Corporate Users
Now-defunct Japanese Bitcoin (BTC) exchange Mt. Gox has extended its online rehabilitation claim filing system to corporate users, according to an official announcement posted on the exchange’s site today, September 12. Today’s announcement follows upon an online system for individual (non-corporate) users that was released August 23, allowing them to file proofs of bankruptcy claims. The deadline for filing the rehabilitation claims is October 22, 2018, and the claims can also alternatively be filed offline. The announcement has been signed by Tokyo attorney Nobuaki Kobayashi, who has been appointed to act as civil rehabilitation trustee to manage Mt. Gox’s bankruptcy …
Bitcoin / Sept. 12, 2018
Total crypto market cap risks a dip below $1 trillion if these 3 metrics don’t improve
The total crypto market capitalization has ranged from $1.19 trillion to $1.36 trillion for the past 23 days, which is a relatively tight 13% range. During the same time, Bitcoin’s (BTC) 3.5% and Ether’s (ETH) 1.6% gains for the week are far from encouraging. To date, the total crypto market is down 43% in just two months, so investors are unlikely to celebrate even if the descending triangle formation breaks to the upside. Regulation worries continue to weigh investor sentiment, a prime example being Japan’s swift decision to enforce new laws after the Terra USD (UST) — now known as …
Markets / June 3, 2022
XRP price breaks out of range with a 25% rally, but why?
Crypto markets are flashing a bit of green on Sept. 22 as Bitcoin (BTC) price tacked on a 4.7% gain to trade above $19,300 and Ether (ETH) surged 6.5% to recapture the $1,300 level. RSR and and Astar Network (ASTAR) also surged by 23% and 17% respectively, but the more notable mover of the day was XRP. Currently, XRP price reflects a near 25% gain and the asset is up 41% in the past month. According to defense lawyer, James K. Filan, on Sept. 18 Ripple Labs filed a motion for summary judgement - a legal process which involves the …
Regulation / Sept. 22, 2022