Japanese cryptocurrency exchange Zaif appears to have suffered an attack that lost over $60 million USD of assorted coins. This is another blow to the public perception of cryptocurrency security – marking the fifth exchange hack since the beginning of the year. Details are still emerging, but it appears that a malicious actor gained access to some of Zaif’s hot wallets and withdrew thousands of Bitcoins (BTC), Bitcoin Cash (BCH) and Monacoin (MONA).
Zaif primarily services the Japanese cryptocurrency market and associated trading pairs – including the quintessential Japanese coin, NEM (XEM). Although it remains in the top 100 exchanges by trading volume, the fallout from the recent hack appears to have knocked them down to number 99 – in danger of being knocked off the list entirely. Presumably, this will depend entirely on how Zaif handles the aftermath of the hack.
Events that Led to the Hack
Despite persistent claims that their exchange was ‘practically impossible’ to hack, Zaif received numerous warnings from the Financial Services Agency of Japan. They specifically outlined the potential for the hack that occurred. Coupled with the glaring challenge issued by Zaif itself, a hack was more practically inevitable than impossible.
The issue at hand lay with the use of hot wallets – as opposed to cold storage wallets. While internal transfers for the exchange can be handled in wallets inaccessible from the greater internet, some funds must be kept connected. These hot wallets provide the funds necessary to account for withdraws by legitimate users, but also represent the weakest point in the custody chain. While the exact details of the hack are unknown, details will likely emerge in the coming weeks. Zaif’s parent company is already in the process of securing funds to compensate those impacted by the hack.
The Coincheck Incident Earlier This Year
So far, 2018 has been a damaging year for cryptocurrency in Japan, as the Zaif hack still pales in comparison to January’s Coincheck Incident. Over 500 million NEM went missing from Coincheck’s accounts, helping to tank the overall market from late December highs. In the aftermath of the hack it was discovered that Coincheck kept most customer assets in hot wallets – completely forgoing cold storage. Investigations showed that a concentrated communication campaign by the hackers had successfully infected Coincheck’s system with malware – which ultimately directed the transfers out of their exchange and into the hacker’s accounts.
Quick action by the NEM team tagged the stolen funds – allowing them to be traced. Although this did not completely prevent their laundering, it did allow some blockchain forensic information that will hopefully be useful to investigators in the future. Coincheck users were ultimately refunded for their NEM in yen.
Article By: Adam Stone